OpenSSH Vulnerabilities Could Pose Huge Threat To Businesses Everywhere
techradar.pro, Tuesday, February 18th, 2025
Qualys finds two worrying bugs in OpenSSH
OpenSSH carried two vulnerabilities that enabled machine-in-the-middle (MitM) attacks and denial-of-service (DoS) attacks, experts have warned.
Cybersecurity researchers from the Qualys Threat Research Unit (TRU), who discovered the flaws and helped patch them, identified two vulnerabilities: one tracked as CVE-2025-26465 and the other as CVE-2025-26466.
The former allows an active MitM attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled, while the latter affects both the OpenSSH client and server, and enables pre-authentication DoS attacks.
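A client-side audit for the VerifyHostKeyDNS condition described above, as an added example that is not part of the original article: it scans ssh_config text and reports every place the option is set to something other than "no". The function name and the sample configuration are constructed for this example, treating both "yes" and "ask" as enabled is an assumption, and Include files are not followed.

```python
import re
import shlex

# Constructed sample ssh_config for illustration; not from a real system.
SAMPLE_CONFIG = """\
# constructed client configuration
Host bastion.example.com
    User ops
    VerifyHostKeyDNS yes
Host *.internal.example
    verifyhostkeydns=ask
Match host legacy.example.com
    VerifyHostKeyDNS "no"
Host *
    ForwardAgent no
"""

# ssh_config accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
DIRECTIVE = re.compile(r"(\w+)\s*(?:=\s*|\s+)(.*)")


def find_enabled_verifyhostkeydns(config_text):
    """Return (line_no, scope, value) for each VerifyHostKeyDNS setting other than 'no'."""
    findings = []
    scope = "(global)"  # directives before the first Host/Match apply to every host
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        match = DIRECTIVE.match(line)
        if not line or line.startswith("#") or not match:
            continue
        keyword = match.group(1).lower()
        try:
            args = shlex.split(match.group(2))  # strips optional quoting
        except ValueError:
            continue  # unbalanced quotes: not a usable directive
        if not args:
            continue
        if keyword in ("host", "match"):
            scope = f"{keyword.capitalize()} {' '.join(args)}"
        elif keyword == "verifyhostkeydns" and args[0].lower() != "no":
            findings.append((line_no, scope, args[0].lower()))
    return findings


if __name__ == "__main__":
    for line_no, scope, value in find_enabled_verifyhostkeydns(SAMPLE_CONFIG):
        print(f"line {line_no}: VerifyHostKeyDNS {value} in {scope}")
```

To audit a real client, pass the contents of the user and system ssh_config files to the function instead of the sample.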