OpenSSH: OpenSSH VerifyHostKeyDNS issue (CVE-2025-26465)

Summary

Welcome to our cybersecurity podcast, where today we'll be discussing a recent critical vulnerability, CVE-2025-26465, discovered in OpenSSH. This vulnerability affects multiple versions of Red Hat Enterprise Linux and OpenShift Container Platform and poses a serious threat of machine-in-the-middle attacks.

Product details

The vulnerability pertains to OpenSSH when the VerifyHostKeyDNS option is enabled. OpenSSH is a widely used suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client-server architecture.
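
Because the issue applies when VerifyHostKeyDNS is enabled, an inventory of where client configurations switch the option on helps prioritise patching. The script below is an added example, not part of the original page or of OpenSSH: the function name, the sample configuration and its host names are constructed for illustration, and it assumes the standard ssh_config keyword syntax (case-insensitive keyword, whitespace or "=" as separator).

```shell
#!/bin/sh
# Added example: list every ssh_config directive that turns VerifyHostKeyDNS on.

audit_verifyhostkeydns() {
    awk '
    FNR == 1 { scope = "global" }            # each file starts outside any Host/Match block
    {
        line = $0
        sub(/^[ \t]+/, "", line)             # leading whitespace is not significant
        if (line == "" || line ~ /^#/) next  # blank lines and comments
        n = match(line, /[ \t=]/)            # keyword ends at first whitespace or "="
        if (n == 0) next
        key = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
        val = substr(line, n)
        sub(/^[ \t]*=?[ \t]*/, "", val)      # drop the separator itself
        sub(/[ \t]+$/, "", val)
        if (key == "host" || key == "match") { scope = key " " val; next }
        if (key != "verifyhostkeydns") next
        gsub(/"/, "", val)                   # arguments may be double-quoted
        split(val, tok, /[ \t]+/)            # ignore anything after the first word
        v = tolower(tok[1])
        # yes and ask enable DNS (SSHFP) host key verification; true is treated as yes
        if (v == "yes" || v == "true" || v == "ask")
            printf "%s:%d: [%s] VerifyHostKeyDNS %s\n", FILENAME, FNR, scope, v
    }' "$@"
}

# Constructed sample client configuration (not taken from any real system).
sample_config() {
    cat <<'EOF'
# global defaults
VerifyHostKeyDNS no
Host bastion.example.test
    verifyhostkeydns=ask
Host *.lab.example.test
    VerifyHostKeyDNS   "yes"   # relies on SSHFP records
Host legacy
    StrictHostKeyChecking yes
EOF
}

# Stand-alone use: sh audit.sh ~/.ssh/config /etc/ssh/ssh_config
if [ "$#" -gt 0 ]; then
    audit_verifyhostkeydns "$@"
fi
```

Include directives are not followed, and the script reports every enabling directive rather than resolving which one takes effect for a given host, so pass each included file explicitly.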

Vulnerability type summary

CVE-2025-26465 falls under the 'Detection of Error Condition Without Action' problem type. The vulnerability stems from how OpenSSH mishandles error codes under specific conditions, which can allow attackers to carry out machine-in-the-middle attacks and can lead to denial-of-service scenarios by exhausting client memory resources.

Details of the vulnerability

Discovered by Qualys TRU, this vulnerability arises in the VerifyHostKeyDNS component of OpenSSH. An attacker can exploit this by impersonating a legitimate server, leading to a machine-in-the-middle attack. The complexity of this attack is high, as it requires the attacker to first exhaust the client's memory resources. Additionally, it allows for weak encryption exploitation by manipulating unknown data.

Conclusion

In conclusion, CVE-2025-26465 highlights a critical security issue within OpenSSH that demands immediate attention. It underscores the importance of proactive vulnerability detection and timely updates to safeguard against potential attacks. Users of OpenSSH, particularly those using Red Hat products, should take urgent measures to mitigate this vulnerability by applying the latest patches and updates.

Watch the full video on YouTube: CVE-2025-26465

CVE database technical details

CVE ID: CVE-2025-26465

Description: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

Provider: redhat

CWE / problem types: Detection of Error Condition Without Action

Affected Software Versions:
    Red Hat, Red Hat Enterprise Linux 9.4 Extended Update Support: version 0:8.7p1-38.el9_4.5, lessThan *, versionType rpm, status unaffected
    Red Hat, Red Hat Enterprise Linux 6: None
    Red Hat, Red Hat Enterprise Linux 7: None
    Red Hat, Red Hat Enterprise Linux 8: None
    Red Hat, Red Hat Enterprise Linux 9: None
    Red Hat, Red Hat OpenShift Container Platform 4: None

Date Published: 2025-02-18T18:27:16.843Z

Last Updated: 2025-05-06T20:40:44.108Z