CVE-2025-26465

Name
CVE-2025-26465
Description
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legitimate server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker first needs to exhaust the client's memory resources, which makes the attack complexity high.
NVD Severity
unknown

References

| Type | URI |
| --- | --- |
| vdb-entry | https://access.redhat.com/security/cve/CVE-2025-26465 |
| issue-tracking | https://bugzilla.redhat.com/show_bug.cgi?id=2344780 |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466 |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1237040 |
| af854a3a-2127-422b-91ae-364da2661108 | https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2025-26465 |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/CVE-2025-26465 |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openssh.com/releasenotes.html#9.9p2 |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2025/02/18/1 |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2025/02/18/4 |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/ |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://seclists.org/oss-sec/2025/q1/144 |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20250228-0003/ |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:3837 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:6993 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:8385 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2025:16823 |
| secalert@redhat.com | https://access.redhat.com/solutions/7109879 |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2025/May/7 |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2025/May/8 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| | shopxo | >= 6.8p1 | <= 9.9p1 |
| cpe:/a:redhat:enterprise_linux:8::appstream | shopxo | >= 0:8.0p1-26.el8_10 | < * |
| cpe:/o:redhat:enterprise_linux:9::baseos | shopxo | >= 0:8.7p1-45.el9 | < * |
| cpe:/o:redhat:rhel_eus:9.4::baseos | shopxo | >= 0:8.7p1-38.el9_4.5 | < * |
| cpe:/a:redhat:discovery:1.14::el9 | shopxo | >= sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c | < * |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| openssh | edge-main | 9.9_p2-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| openssh | 3.22-main | 9.9_p2-r0 | None | fixed |
| openssh | 3.21-main | 9.9_p2-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| openssh | 3.20-main | 9.7_p1-r5 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| openssh | 3.20-main | 9.7_p1-r4 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| openssh | 3.19-main | 9.7_p2-r5 | None | fixed |
| openssh | 3.19-main | 9.6_p1-r2 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| openssh | 3.19-main | 9.6_p1-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| openssh | 3.18-main | 9.3_p2-r3 | Natanael Copa <ncopa@alpinelinux.org> | fixed |