CVEFinder.io

CVE-2025-26465

🔶 medium
Summary

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A malicious machine impersonating a legitimate server can perform a machine-in-the-middle attack. The issue is caused by how OpenSSH mishandles error codes in specific conditions when verifying the host key. For the attack to succeed, the attacker must first exhaust the client's memory resources, which makes the attack complexity high.

CVSS Score: 6.8 (Medium)
EPSS Score: 64.4 (Exploit Probability)
Published Date: 2025-02-18
First Seen: 2026-01-05
Last Modified: 2025-11-03
CVSS Vector 3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CWE IDs (Weakness Types)

🔗 References 26

https://bugzilla.redhat.com/show_bug.cgi?id=2344780
Issue Tracking Third Party Advisory
https://seclists.org/oss-sec/2025/q1/144
Mailing List Third Party Advisory

📦 Affected Products 9

🔗 Related CVEs 6

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2025-68670 | ⛔ critical | 9.1 | 0.3 | xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerabi... | 2026-01-27 |
| CVE-2026-24061 | ⛔ critical | 9.8 | 29.6 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment ... | 2026-01-21 |
| CVE-2026-22050 | 🔶 medium | 4.3 | 0.0 | ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a ... | 2026-01-12 |
| CVE-2025-14512 | 🔶 medium | 6.5 | 0.1 | A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer ov... | 2025-12-11 |
| CVE-2025-14087 | 🔶 medium | 5.6 | 0.3 | A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a... | 2025-12-10 |
| CVE-2025-6966 | 🔶 medium | 5.5 | 0.0 | NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause ... | 2025-12-05 |
These CVEs affect the same products