CVE-2025-26465: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine…

medium6.8CVSS 3.1

AVNACHPRNUIRSUCHIHAN

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

Affected

25 ranges

Vendor	Product	Version range	Fixed in
apple	macos_sequoia	—	—
apple	macos_sonoma	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	openssh	< openssh 1:9.2p1-2+deb12u5 (bookworm)	openssh 1:9.2p1-2+deb12u5 (bookworm)
msrc	azl3_openssh_9.8p1-3_on_azure_linux_3.0	—	—
msrc	azl3_openssh_9.8p1-4_on_azure_linux_3.0	—	—
msrc	cbl2_openssh_8.9p1-7_on_cbl_mariner_2.0	—	—
msrc	cbl2_openssh_8.9p1-8_on_cbl_mariner_2.0	—	—
netapp	ontap	—	—
openbsd	openssh	—	—
openbsd	openssh	—	—
openbsd	openssh	>= 0 < 1:8.4p1-5+deb11u4	1:8.4p1-5+deb11u4
openbsd	openssh	>= 0 < 1:9.2p1-2+deb12u5	1:9.2p1-2+deb12u5
openbsd	openssh	>= 0 < 1:9.9p2-1	1:9.9p2-1
openbsd	openssh	>= 0 < 1:9.9p2-1	1:9.9p2-1
openbsd	openssh	>= 0 < 1:8.2p1-4ubuntu0.12	1:8.2p1-4ubuntu0.12
openbsd	openssh	>= 0 < 1:8.9p1-3ubuntu0.11	1:8.9p1-3ubuntu0.11
openbsd	openssh	>= 0 < 1:9.6p1-3ubuntu13.8	1:9.6p1-3ubuntu13.8
openbsd	openssh	>= 0 < 1:7.2p2-4ubuntu2.10+esm7	1:7.2p2-4ubuntu2.10+esm7
openbsd	openssh	>= 0 < 1:7.6p1-4ubuntu0.7+esm4	1:7.6p1-4ubuntu0.7+esm4
openbsd	openssh	6.9 – 9.8	—
paloalto	pan-os	—	—
redhat	enterprise_linux	—	—
redhat	openshift_container_platform	—	—

CVSS provenance

nvdv3.16.8MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

osv6.8MEDIUM