IM
IronMonkey Threat Research

CVE-2025-26465 MEDIUM

Published: 2025-02-18 | Last Modified: 2026-07-14 | Status: Modified

Description

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

Additional Descriptions (1)

Se encontró una vulnerabilidad en OpenSSH cuando la opción VerifyHostKeyDNS está habilitada. Un ataque de máquina en el medio puede ser realizado mediante una máquina maliciosa que se hace pasar por un servidor legítimo. Este problema ocurre debido a cómo los códigos de error de OpenSSH Mishandles en condiciones específicas al verificar la clave del host. Para que un ataque se considere exitoso, el atacante debe lograr agotar el recurso de memoria del cliente primero, lo que gira la complejidad del ataque.

CVSS Metrics

Base Score: 6.8 (MEDIUM)

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack VectorNETWORK
Attack ComplexityHIGH
Privileges RequiredNONE
User InteractionREQUIRED
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 1.6

Impact Score: 5.2

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-390

Affected Products

Vendor Product Version Update Type
openbsd openssh * <built-in method update of dict object at 0x702ba6eda180> Application
openbsd openssh 6.8 <built-in method update of dict object at 0x702bde165040> Application
openbsd openssh 9.9 <built-in method update of dict object at 0x702b80d181c0> Application
openbsd openssh 9.9 <built-in method update of dict object at 0x702ba6ed99c0> Application
netapp active_iq_unified_manager - <built-in method update of dict object at 0x702ba6eda4c0> Application
netapp ontap 9 <built-in method update of dict object at 0x702ba6ed9fc0> Application
redhat openshift_container_platform 4.0 <built-in method update of dict object at 0x702b80d1b500> Application
debian debian_linux 11.0 <built-in method update of dict object at 0x702bdd7d4400> Operating System
debian debian_linux 12.0 <built-in method update of dict object at 0x702b80d1af40> Operating System
redhat enterprise_linux 9.0 <built-in method update of dict object at 0x702ba6edbd80> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*
Yes cpe:2.3:a:openbsd:openssh:9.9:-:*:*:*:*:*:*
Yes cpe:2.3:a:openbsd:openssh:9.9:p1:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Yes cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

References

Notification
Message here