CVE-2025-26465
Published: 18 February 2025
Description
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Security Summary
CVE-2025-26465 is a vulnerability in OpenSSH that arises when the VerifyHostKeyDNS option is enabled. It stems from OpenSSH's mishandling of error codes under specific conditions during host key verification, allowing a malicious machine to impersonate a legitimate server in a machine-in-the-middle (MitM) attack. The issue is classified under CWE-390 (Detection of Error Condition Without Action) and carries a CVSS v3.1 base score of 6.8 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).
A remote attacker with network access can exploit this vulnerability by positioning themselves in the MitM path between the client and server. Exploitation requires user interaction, such as initiating an SSH connection, and high attack complexity, including exhausting the client's memory resources beforehand. Successful exploitation enables the attacker to impersonate the legitimate server, potentially compromising confidentiality and integrity of the SSH session.
Red Hat has issued multiple security errata addressing this vulnerability, including RHSA-2025:16823, RHSA-2025:3837, RHSA-2025:6993, and RHSA-2025:8385, with additional details available on their CVE page at https://access.redhat.com/security/cve/CVE-2025-26465. These advisories provide patches and mitigation guidance for affected systems.
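Because the flaw is only reachable when VerifyHostKeyDNS is enabled, a client-side audit can start by locating every place that option is set. The following is an added example, not part of the original advisory or of OpenSSH: a small parser for ssh_config text that reports each VerifyHostKeyDNS directive with its Host/Match scope. The function name, the sample configuration, and the choice to treat both `yes` and `ask` as enabled are assumptions of this example.

```python
import re

# Assumption of this example: "yes" and "ask" both count as enabled.
ENABLED = {"yes", "ask"}
# ssh_config(5): keyword, then whitespace or a single '=', then arguments.
LINE = re.compile(r'^\s*([A-Za-z]+)(?:\s*=\s*|\s+)(.*?)\s*$')

def find_verifyhostkeydns(config_text, source="<config>"):
    """Return one finding per VerifyHostKeyDNS directive in an ssh_config text.

    Each finding records the file label, line number, the Host/Match block
    the directive sits in, its value, and whether it enables DNS verification.
    Include directives are not followed; run it on each included file too.
    """
    findings = []
    scope = "global"  # directives before the first Host/Match apply to all hosts
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        m = LINE.match(raw)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip('"')
        if keyword in ("host", "match"):
            scope = f"{m.group(1)} {value}"
        elif keyword == "verifyhostkeydns":
            findings.append({
                "source": source, "line": lineno, "scope": scope,
                "value": value.lower(), "enabled": value.lower() in ENABLED,
            })
    return findings

# Constructed sample configuration (not taken from any real system).
SAMPLE = """\
# global defaults
VerifyHostKeyDNS no

Host *.internal.example
    VerifyHostKeyDNS=yes

Match host bastion.example
    verifyhostkeydns "ask"
"""

if __name__ == "__main__":
    for f in find_verifyhostkeydns(SAMPLE, "sample_ssh_config"):
        flag = "REVIEW" if f["enabled"] else "ok"
        print(f'{flag:6} {f["source"]}:{f["line"]} [{f["scope"]}] VerifyHostKeyDNS {f["value"]}')
```

To confirm the value the client actually resolves for a given destination, compare the findings with the `verifyhostkeydns` line printed by `ssh -G <host>`.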
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables a machine-in-the-middle attack allowing impersonation of legitimate SSH servers by bypassing host key verification in OpenSSH clients when VerifyHostKeyDNS is enabled.