CVE-2025-26465

Description
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle (MitM) attack can be performed by a malicious machine impersonating a legitimate server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to succeed, the attacker must first exhaust the client's memory resources, which makes the attack complexity high.
Mitigation
This issue is rated as a medium severity vulnerability because it requires specific conditions to be exploitable.
First, the OpenSSH client must have the VerifyHostKeyDNS option enabled, which is disabled by default on most systems.
Additionally, while the attack allows a MitM adversary to trick the client into accepting an incorrect host key,
it does not directly lead to code execution or immediate system compromise.
Instead, the attack requires additional steps, such as credential interception or session hijacking, to fully exploit the breach.
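
One way to check the first condition above on a client, as an added example that is not part of the original advisory: the shell function below scans OpenSSH client configuration files and reports every line that sets VerifyHostKeyDNS to anything other than no, together with the Host or Match block it applies to. The host names in the sample are constructed, and Include directives are not followed.

```shell
#!/bin/sh
# Added example: list ssh_config lines that leave VerifyHostKeyDNS enabled.
# Usage: audit_vhkdns FILE...   e.g. /etc/ssh/ssh_config "$HOME/.ssh/config"

audit_vhkdns() {
    awk '
    FNR == 1 { block = "" }                  # new file: back to global scope
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t]+$/, "", line)
        if (line == "" || line ~ /^#/) next  # blank line or comment

        # ssh_config accepts "Keyword value" and "Keyword=value"
        key = line
        sub(/[ \t=].*$/, "", key)
        val = substr(line, length(key) + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)
        gsub(/"/, "", val)                   # arguments may be quoted
        key = tolower(key)                   # keywords are case-insensitive

        if (key == "host" || key == "match") { block = line; next }
        v = tolower(val)
        # Anything other than no/false is reported as enabled.
        if (key == "verifyhostkeydns" && v != "no" && v != "false")
            printf "%s:%d: [%s] VerifyHostKeyDNS %s\n",
                   FILENAME, FNR, (block == "" ? "global" : block), val
    }' "$@"
}

# Constructed sample configuration (hypothetical host names).
sample_config() {
    cat <<'EOF'
# Constructed sample ssh_config for this example
Host bastion.example.org
    verifyhostkeydns=ask
Host legacy
    VerifyHostKeyDNS no
Host *
    VerifyHostKeyDNS = yes
EOF
}

demo=$(mktemp)
sample_config > "$demo"
audit_vhkdns "$demo"
rm -f "$demo"
```

For a single destination, `ssh -G <host>` prints the configuration the client would actually use, including settings pulled in through Include files.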
| CVSS | 3.1 |
|---|---|
| Base Score | 6.8 |
| Severity | Medium |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | None |