CVE-2025-26465

Description

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

CVSS v3.1 Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Weakness Type (CWE)

CWE-390 CWE-390

Affected Products

Vendor	Product	Versions
openbsd	openssh	6.9 — 9.8
openbsd	openssh	All
openbsd	openssh	All
openbsd	openssh	All
netapp	active_iq_unified_manager	All
netapp	ontap	All
redhat	openshift_container_platform	All
debian	debian_linux	All
debian	debian_linux	All
redhat	enterprise_linux	All

References

Advisories & Patches

https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig

Other References

https://access.redhat.com/errata/RHSA-2025:16823 https://access.redhat.com/errata/RHSA-2025:3837 https://access.redhat.com/errata/RHSA-2025:6993 https://access.redhat.com/errata/RHSA-2025:8385 https://access.redhat.com/security/cve/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://seclists.org/oss-sec/2025/q1/144 http://seclists.org/fulldisclosure/2025/Feb/18 http://seclists.org/fulldisclosure/2025/May/7

Frequently Asked Questions

What is CVE-2025-26465? +

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. It has a CVSS v3.1 base score of 6.8 (MEDIUM).

How severe is CVE-2025-26465? +

CVE-2025-26465 has a CVSS v3.1 score of 6.8 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

What products are affected by CVE-2025-26465? +

CVE-2025-26465 affects products from debian, netapp, openbsd, redhat, specifically: active_iq_unified_manager, debian_linux, enterprise_linux, ontap, openshift_container_platform, openssh. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-26465? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-49841 7.8

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.

CVE-2025-46367 7.8

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A …

CVE-2024-27919 7.5

Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable …

CVE-2025-27039 6.6

Memory corruption may occur while processing IOCTL call for DMM/WARPNCC CONFIG request.

CVE-2025-25204 6.3

`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a …

CVE-2024-12086 6.1

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from …