Qualys has revealed two new vulnerabilities in OpenSSH, CVE-2025-26465 and CVE-2025-26466, which could lead to machine-in-the-middle (MitM) and pre-authentication denial-of-service (DoS) attacks. Although not classified as critical (severity scores of 6.8 and 5.9), these vulnerabilities pose risks, especially for organizations that rely on OpenSSH for secure remote connections. The MitM vulnerability is contingent upon certain settings being enabled, which raises concerns for system administrators given the wide usage of OpenSSH across major platforms and companies.
Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released.
The vulnerabilities allow miscreants to perform machine-in-the-middle (MitM) attacks on the OpenSSH client and pre-authentication denial-of-service (DoS) attacks.