Summary: Two newly discovered vulnerabilities in OpenSSH, one enabling a potential machine-in-the-middle (MitM) attack and the other a pre-authentication denial-of-service (DoS) attack, have been addressed with patches. Although their severity scores are moderate, the widespread use of OpenSSH among high-profile organizations raises concerns. Researchers emphasize the importance of updating to the latest version because of the risks these vulnerabilities pose.
Affected: OpenSSH
Keypoints:
- Vulnerabilities CVE-2025-26465 (MitM) and CVE-2025-26466 (DoS) are now patched in OpenSSH version 9.9p2.
- The MitM vulnerability allows attackers to bypass server identity checks, potentially leading to intercepted or manipulated sensitive data.
- The DoS vulnerability could result in prolonged outages, hampering server maintenance and operational continuity.
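To act on the fixed version named above, the following added example (not from the source article or the OpenSSH project) triages a host inventory by parsing the version token from `ssh -V` output or an SSH identification string and comparing it with 9.9p2. The hostnames and banner strings are constructed samples, and the function names are hypothetical. The summary gives no lower bound for affected releases, and distributions may backport fixes without changing the upstream version string, so an "update" result means "check the vendor advisory", not "confirmed vulnerable".

```python
import re

# Fixed release named in the summary above: OpenSSH 9.9p2.
FIXED = (9, 9, 2)

# Matches the version token in `ssh -V` output or an SSH identification
# string, e.g. "OpenSSH_9.9p1" or "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10".
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(text):
    """Return (major, minor, portable_patch), or None if no OpenSSH token."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = m.groups()
    # A missing "pN" suffix (non-portable release) is treated as p0.
    return (int(major), int(minor), int(patch or 0))


def needs_update(text):
    """True if older than 9.9p2, False if not, None if unparseable."""
    version = parse_openssh_version(text)
    if version is None:
        return None
    return version < FIXED


def triage(inventory):
    """Map each host to 'update', 'ok' or 'unknown' from its banner."""
    labels = {True: "update", False: "ok", None: "unknown"}
    return {host: labels[needs_update(banner)]
            for host, banner in inventory.items()}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "bastion-1": "OpenSSH_9.9p1, OpenSSL 3.0.13",
    "build-7": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10",
    "edge-2": "OpenSSH_9.9p2, OpenSSL 3.0.13",
    "lab-4": "SSH-2.0-OpenSSH_10.0",
    "nas-3": "SSH-2.0-dropbear_2022.83",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" run something other than OpenSSH or hide their version and need a separate check.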
Source: https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/