OpenSSH security update: Attackers can hack into connections

The developers have closed two vulnerabilities in the current OpenSSH version. However, attacks are subject to certain conditions.




The OpenSSH remote-login and file-transfer suite can be attacked via two vulnerabilities. Attackers can trick victims into connecting to a server they control. Even though there are currently no reports of attacks, admins should not wait too long before updating.

If attackers successfully exploit the first vulnerability (CVE-2025-26465, rated "medium"), they can read connections as a man-in-the-middle. The flaw lies in the VerifyHostKeyDNS option, which is not active by default.

A further requirement is that attackers can manipulate the memory resources of vulnerable clients. Attacks are therefore not possible without additional preconditions. If both conditions are met, host key verification fails in a way that bypasses the identity check for servers: victims then connect to a server under the attackers' control without any warning.

Attackers can use the second vulnerability (CVE-2025-26466, rated "medium") for DoS attacks. Successful exploitation typically leads to crashes.


Security researchers from Qualys discovered the vulnerabilities and provide further details in an article. In a security advisory, the OpenSSH developers state that OpenSSH 9.9p2 is protected against the attacks described.
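The two conditions the article names (a client older than 9.9p2, and VerifyHostKeyDNS switched on) can be checked on a host with a short script. This is an added example, not code from the article or the OpenSSH project; the function names are constructed here, and it assumes portable OpenSSH version strings of the form `OpenSSH_N.MpK`.

```shell
#!/bin/sh
# Added example: check the local ssh client against the two conditions from
# the article. Distributions may backport the fix without bumping the version,
# so a "needs update" result should be confirmed against the distro's advisory.

# needs_update VERSION -> exit 0 if VERSION (first token of `ssh -V`, e.g.
# "OpenSSH_9.9p1,") is older than the fixed release 9.9p2; 1 if not; 2 if unparseable
needs_update() {
    v=$(printf '%s' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\)p\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$v" ] || return 2
    set -- $v
    major=$1; minor=$2; patch=$3
    [ "$major" -lt 9 ] && return 0
    [ "$major" -eq 9 ] && [ "$minor" -lt 9 ] && return 0
    [ "$major" -eq 9 ] && [ "$minor" -eq 9 ] && [ "$patch" -lt 2 ] && return 0
    return 1
}

# dns_hostkey_enabled CONFIG -> exit 0 if the effective client config enables
# VerifyHostKeyDNS. CONFIG is the output of `ssh -G <host>`, which prints one
# lowercase "keyword value" pair per line; "no" is the default, anything else counts as on.
dns_hostkey_enabled() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "verifyhostkeydns" && $2 != "no" { found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# Live check on this machine; skipped when no ssh client is installed.
if command -v ssh >/dev/null 2>&1; then
    ver=$(ssh -V 2>&1 | awk '{print $1}')
    if needs_update "$ver"; then
        echo "ssh $ver: older than 9.9p2, update (or verify a backported fix)"
    else
        echo "ssh $ver: not older than 9.9p2"
    fi
    if dns_hostkey_enabled "$(ssh -G localhost 2>/dev/null)"; then
        echo "VerifyHostKeyDNS is enabled in the effective client config"
    else
        echo "VerifyHostKeyDNS is off (the default)"
    fi
fi
```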

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.