CVE-2025-26465: Detection of Error Condition Without Action in OpenSSH

Severity: 6.8 MEDIUM (NVD)
EPSS: 73.6% (top 1.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 18; Latest update Aug 12

Description

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legitimate server. This issue occurs because OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to succeed, the attacker must first manage to exhaust the client's memory resources, which makes the attack complexity high.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Exploitability: 1.6 | Impact: 5.2

Affected Packages (3 packages)

Debian: openbsd/openssh < 1:8.4p1-5+deb11u4 (+3)
Ubuntu: openbsd/openssh < 1:8.2p1-4ubuntu0.12 (+4)
NVD: openbsd/openssh 6.99.8 (+2)

Also affects: Ontap 9, Debian Linux 11.0, 12.0, Enterprise Linux 9.0, Openshift Container Platform 4.0

Patches

Vulnerability Details (5)

GHSA: GHSA-jrwv-mv4h-7rrq: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled (2025-02-18)
OSV: openssh vulnerability (2025-02-18)
CVEList: Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled (2025-02-18)
OSV: openssh vulnerabilities (2025-02-18)
OSV: CVE-2025-26465: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled (2025-02-18)

Vendor Advisories (8)

Apple: CVE-2025-26465: macOS Sonoma 14.7.6 (2025-05-12)
Apple: CVE-2025-26465: macOS Sequoia 15.5 (2025-05-12)
BSD: FreeBSD-SA-25:05.openssh: Multiple vulnerabilities in OpenSSH (2025-02-21)
Ubuntu: OpenSSH vulnerabilities (2025-02-18)
Ubuntu: OpenSSH vulnerability (2025-02-18)

Threat Intelligence (4)

Qualys: Two Pwnie Awards, One Crucial Lesson: What Our OpenSSH Research Reveals About Cyber Defense in 2025 (2025-08-12)
Qualys: Two Pwnie Awards, One Crucial Lesson: What Our OpenSSH Research Reveals About Cyber Defense in 2025 | Qualys (2025-08-12)
Qualys: Qualys TRU Uncovers OpenSSH Vulnerabilities CVE-2025-26465 & CVE-2025-26466 | Qualys (2025-02-18)
Qualys: Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 (2025-02-18)
CVE-2025-26465 — Openbsd Openssh vulnerability | cvebase