OpenSSH vulnerabilities could expose users to cyber threats. Researchers have identified two flaws that could allow man-in-the-middle (MitM) attacks or denial of service (DoS). These security risks could enable attackers to steal credentials or crash systems, making it crucial for users to update their software immediately.
Security experts have identified two key flaws: CVE-2025-26465 and CVE-2025-26466. Both are linked to memory errors and could be exploited in different ways. The first flaw allows a client to unknowingly connect to a malicious server, giving attackers access to sensitive data. However, this attack only works if the VerifyHostKeyDNS setting is enabled. The second flaw enables attackers to flood OpenSSH clients or servers with excessive requests, causing system crashes.
Understanding Man-in-the-Middle Attacks
A man-in-the-middle attack occurs when an attacker secretly intercepts communication between two parties. They can steal sensitive data, manipulate messages, or even alter commands sent between users and servers. In OpenSSH, this could mean hackers gaining access to login credentials or executing unauthorized commands. Therefore, protecting against MitM attacks is critical for securing data transmissions.
How Attackers Exploit These Flaws
The CVE-2025-26465 vulnerability has existed in OpenSSH since December 2024. It allows attackers to redirect a connection to a fake server, tricking users into entering their credentials. Some systems, like FreeBSD, had this feature enabled by default for years, making them especially vulnerable.
The CVE-2025-26466 vulnerability, on the other hand, was introduced in August 2023. It enables denial-of-service attacks, where attackers overwhelm OpenSSH clients or servers with excessive pings. This results in memory exhaustion, forcing the system to crash or behave unpredictably.
Researchers have noted that when OpenSSH clients ping a server, they allocate unlimited memory. If an attacker floods the system with requests, it causes a memory overload. This process can bypass key verification, allowing attackers to hijack connections.
How to Prevent These Attacks
Updating to OpenSSH 9.9p2 is the best way to protect against these vulnerabilities. This version patches the security flaws, preventing attackers from exploiting them. If an immediate update is not possible, users should disable VerifyHostKeyDNS and adjust security settings to reduce attack risks.
Additionally, organizations should monitor network traffic for unusual activity. Using multi-factor authentication (MFA) can also help prevent unauthorized access. Encrypting data transfers and employing intrusion detection systems (IDS) further strengthens security against MitM attacks.
With OpenSSH being widely used across Linux, macOS, and Unix-like systems, securing it is essential. Cyber threats are constantly evolving, so regular updates and best security practices are key to preventing attacks.
Sleep well, we got you covered.
To learn more about this attack and how to prevent it, talk with our cyber security expert:
