Barracuda full logo

Cybersecurity Threat Advisory: New OpenSHH vulnerabilities

Temas:
21 feb 2025
|
Zachary Beaudet

Two OpenSSH vulnerabilities, CVE-2025-26465 and CVE-2025-26466, affect multiple versions of OpenSSH. These vulnerabilities can be exploited for man-in-the-middle (MitM) attacks or cause a denial-of-service (DoS) attack. Review this Cybersecurity Threat Advisory to mitigate your risk.

What is the threat?

OpenSSH is an open-source implementation of the Secure Shell (SSH) protocol 2.0, used for remote access, server management, and file transfers. CVE-2025-26465 affects the OpenSSH client when the VerifyHostKeyDNS option is enabled. CVE-2025-26466, on the other hand, can be exploited regardless of the VerifyHostKeyDNS option in use. Exploitation can occur without user interaction, even if no Secure Shell fingerprint record (SSHFP) exists.

Why is it noteworthy?

Millions of servers are potentially at risk from these two vulnerabilities. If successfully exploited, attackers can intercept or manipulate data transferred to unexpecting users. According to Shodan, about 33 million internet-exposed servers use OpenSSH. These vulnerabilities affect both the client and the server, allowing attackers to exploit them without authentication and launch DoS attacks by consuming memory and CPU resources asymmetrically.

What is the exposure or risk?

By default, the VerifyHostKeyDNS option is disabled. However, if an attacker performs a MitM attack, the client may accept the attacker’s key instead of the legitimate server’s key. This compromises the integrity of the SSH connection, enabling potential interception or tampering with the session before it is detected.

What are the recommendations?

Barracuda recommends the following actions to mitigate the effects of these vulnerabilities:

  • Update OpenSSH to version 9.9p2 as soon as possible.
  • Use data encryption to keep attackers from immediately leveraging data.
  • Keep malware-detection software up to date.
  • Adopt redundancy to ensure service availability even if one component fails.

References

For more in-depth information on the above recommendations, please visit the following links:

 

This threat advisory was originally published at SmarterMSP

 

Zachary Beaudet

Zachary is a Cybersecurity Analyst at Barracuda MSP. He's a security expert, working on our Blue Team within our Security Operations Center. Zachary supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.

You can read more of his security articles here.

Publicaciones relacionadas:
Cybersecurity Threat Advisory: Microsoft Windows zero-click RCE vulnerability
Cybersecurity Threat Advisory: Microsoft Windows zero-click RCE vulnerability
 Cybersecurity Threat Advisory: Exploited Microsoft zero-day flaw
Cybersecurity Threat Advisory: Exploited Microsoft zero-day flaw
 Cybersecurity Threat Advisory: Zero-day vulnerabilities found in Apple’s PassKit
Cybersecurity Threat Advisory: Zero-day vulnerabilities found in Apple’s PassKit
 Cybersecurity Threat Advisory: Social engineering attacks targeting Okta
Cybersecurity Threat Advisory: Social engineering attacks targeting Okta
Search the blog

Subscribe to the Barracuda Blog.

Sign up to receive threat spotlights, industry commentary, and more.

Sign up to receive threat spotlights, industry commentary, and more.

Get all the latest news, research, and analysis delivered right to your inbox.