Security News > 2025 > February > New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now
2025-02-18 15:34
Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below - CVE-2025-26465 - The OpenSSH client
News URL
https://thehackernews.com/2025/02/new-openssh-flaws-enable-man-in-middle.html
Related news
- New OpenSSH flaws expose SSH servers to MiTM and DoS attacks (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-18 | CVE-2025-26465 | A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. | 6.8 |