Qualys researchers identified two vulnerabilities in OpenSSH. The first (CVE-2025-26465) allows an attacker to bypass server identity verification when the VerifyHostKeyDNS option is enabled, so it poses a risk to systems with that setting turned on. The second (CVE-2025-26466) enables a pre-authentication denial-of-service attack against both clients and servers, driving up memory and CPU usage. Users are advised to disable VerifyHostKeyDNS and await upgrades to mitigate these risks; widespread system updates may take weeks.
Security researchers at Qualys have uncovered two significant vulnerabilities in OpenSSH, with one allowing for dangerous man-in-the-middle attacks.
The critical vulnerability enables attackers to bypass server identity checks via the VerifyHostKeyDNS option, posing risks for systems with this setting enabled.
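Since the recommended mitigation is to make sure VerifyHostKeyDNS is off, the following added example (not code from Qualys or the OpenSSH project) audits an ssh_config the way OpenSSH reads it, where the first value obtained for an option wins, and reports the effective setting per host. The sample config is constructed; following Include files and evaluating Match criteria are assumed out of scope.

```python
# Audit an OpenSSH client config for VerifyHostKeyDNS (CVE-2025-26465 mitigation).
# OpenSSH keeps the FIRST value obtained for each option, so an earlier block
# wins over a later one; this auditor mirrors that rule. Assumption: Include is
# not followed and Match blocks are skipped rather than evaluated.
import fnmatch

def host_matches(patterns: str, host: str) -> bool:
    """Host patterns: space/comma separated, '*' and '?' wildcards,
    leading '!' negates; any negated match excludes the block."""
    positive = False
    for pat in patterns.replace(",", " ").split():
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive

def effective_option(config_text: str, host: str, option: str):
    """Effective value of `option` for `host`, or None if unset (built-in default: 'no')."""
    option = option.lower()
    applies = True  # directives before any Host/Match block apply to every host
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # accept both "Key value" and "Key=value", collapse tabs/extra spaces
        key, _, val = " ".join(line.replace("=", " ", 1).split()).partition(" ")
        key = key.lower()
        if key == "host":
            applies = host_matches(val, host)
        elif key == "match":
            applies = False  # assumption: Match criteria are not evaluated here
        elif applies and key == option:
            return val.lower()  # first obtained value wins
    return None

def audit(config_text: str, hosts):
    """Per host: True when DNS-based host key verification is on ('yes' or 'ask')."""
    return {h: effective_option(config_text, h, "VerifyHostKeyDNS") in ("yes", "ask")
            for h in hosts}

# Constructed sample config, not taken from any real system.
SAMPLE_CONFIG = """
Host bastion.example.internal
    VerifyHostKeyDNS yes
Host *.example.internal !bastion.example.internal
    VerifyHostKeyDNS ask
Host *
    VerifyHostKeyDNS no
"""
```

Any host reported True is one the advisory says to fix; a None result means the built-in default ('no') applies.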