OpenSSH VerifyHostKeyDNS DoS via Host Key Verification Error
CVE-2025-26465 Published on February 18, 2025
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
Vulnerability Analysis
CVE-2025-26465 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2025-26465. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Detection of Error Condition Without Action
The software detects a specific error, but takes no actions to handle the error.
Products Associated with CVE-2025-26465
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-26465 are published in these products:
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.