CVEFinder.io

CVE-2025-26465

đŸ”ļ medium
🔍 Scan for this CVE
Summary

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

CVSS Score
6.8
Medium
EPSS Score
64.4
Exploit Probability
Published Date
2025-02-18
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 48.8% of all 329,456 vulnerabilities in our database.

#168,698
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Feb 19, 2025
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2025-11-03
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CWE IDs (Weakness Types)
CWE-390

đŸ“Ļ Affected Products 9

Vendor Product Status Affected Versions
debian debian_linux Affected
v11.0
debian debian_linux Affected
v12.0
openbsd openssh Affected
≥ 6.9 ≤ 9.8
openbsd openssh Affected
v6.8
openbsd openssh Affected
v9.9
redhat enterprise_linux Affected
v9.0
redhat openshift_container_platform Affected
v4.0
netapp active_iq_unified_manager Affected
v-
netapp ontap Affected
v9

🔗 References 25

https://access.redhat.com/errata/RHSA-2025:16823
https://access.redhat.com/errata/RHSA-2025:3837
https://access.redhat.com/errata/RHSA-2025:6993
https://access.redhat.com/errata/RHSA-2025:8385
https://access.redhat.com/security/cve/CVE-2025-26465
Third Party Advisory
https://access.redhat.com/solutions/7109879
https://bugzilla.redhat.com/show_bug.cgi?id=2344780
Issue Tracking Third Party Advisory
https://seclists.org/oss-sec/2025/q1/144
Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2025/Feb/18
http://seclists.org/fulldisclosure/2025/May/7
http://seclists.org/fulldisclosure/2025/May/8
https://blog.qualys.com/vulnerabilities-threat-resea...
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1237040
Issue Tracking
https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/comm...
Patch
https://lists.debian.org/debian-lts-announce/2025/02...
Third Party Advisory
https://lists.mindrot.org/pipermail/openssh-unix-ann...
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2025...
Third Party Advisory
https://security.netapp.com/advisory/ntap-20250228-0...
Third Party Advisory
https://ubuntu.com/security/CVE-2025-26465
Third Party Advisory
https://www.openssh.com/releasenotes.html#9.9p2
Release Notes
https://www.openwall.com/lists/oss-security/2025/02/...
Mailing List Third Party Advisory
https://www.openwall.com/lists/oss-security/2025/02/...
Mailing List Third Party Advisory
https://www.theregister.com/2025/02/18/openssh_vulne...
Press/Media Coverage
https://www.vicarius.io/vsociety/posts/cve-2025-2646...
Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-2646...
Mitigation Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-1764 đŸ”ļ medium 5.6 0.2 A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially craf... 2026-06-16
CVE-2026-1766 đŸ”ļ medium 5.6 0.2 A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracke... 2026-06-16
CVE-2026-1767 đŸ”ļ medium 5.6 0.2 A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` compo... 2026-06-16
CVE-2026-11785 đŸ”ļ medium 4.3 0.2 A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial st... 2026-06-09
CVE-2026-11786 ℹī¸ low 1.9 0.2 A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute ... 2026-06-09
CVE-2026-11787 đŸ”ļ medium 5.0 0.2 A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without ... 2026-06-09
These CVEs affect the same products