{"api_version":"1","generated_at":"2026-05-12T20:58:10+00:00","cve":"CVE-2025-26465","urls":{"html":"https://cve.report/CVE-2025-26465","api":"https://cve.report/api/cve/CVE-2025-26465.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-26465","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-26465"},"summary":{"title":"Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled","description":"A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.","state":"PUBLISHED","assigner":"redhat","published_at":"2025-02-18 19:15:29","updated_at":"2026-05-12 13:16:40"},"problem_types":["CWE-390","CWE-390 Detection of Error Condition Without Action"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"6.8","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.8","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.1"}}],"references":[{"url":"https://www.openwall.com/lists/oss-security/2025/02/18/1","name":"https://www.openwall.com/lists/oss-security/2025/02/18/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/","name":"https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1237040","name":"https://bugzilla.suse.com/show_bug.cgi?id=1237040","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://ubuntu.com/security/CVE-2025-26465","name":"https://ubuntu.com/security/CVE-2025-26465","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2025/May/7","name":"http://seclists.org/fulldisclosure/2025/May/7","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig","name":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2025-26465","name":"https://access.redhat.com/security/cve/CVE-2025-26465","refsource":"secalert@redhat.com","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:6993","name":"https://access.redhat.com/errata/RHSA-2025:6993","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh","name":"https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/solutions/7109879","name":"https://access.redhat.com/solutions/7109879","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.netapp.com/advisory/ntap-20250228-0003/","name":"https://security.netapp.com/advisory/ntap-20250228-0003/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466","name":"https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.openwall.com/lists/oss-security/2025/02/18/4","name":"https://www.openwall.com/lists/oss-security/2025/02/18/4","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344780","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2344780","refsource":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html","name":"https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh","name":"https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2025/May/8","name":"http://seclists.org/fulldisclosure/2025/May/8","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.openssh.com/releasenotes.html#9.9p2","name":"https://www.openssh.com/releasenotes.html#9.9p2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html","name":"https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security-tracker.debian.org/tracker/CVE-2025-26465","name":"https://security-tracker.debian.org/tracker/CVE-2025-26465","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:3837","name":"https://access.redhat.com/errata/RHSA-2025:3837","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:16823","name":"https://access.redhat.com/errata/RHSA-2025:16823","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2025/Feb/18","name":"http://seclists.org/fulldisclosure/2025/Feb/18","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:8385","name":"https://access.redhat.com/errata/RHSA-2025:8385","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://seclists.org/oss-sec/2025/q1/144","name":"https://seclists.org/oss-sec/2025/q1/144","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Mailing List","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-26465","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-26465","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"unaffected 0:8.0p1-26.el8_10 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","version":"unaffected 0:8.0p1-26.el8_10 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:8.7p1-45.el9 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"unaffected 0:8.7p1-45.el9 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","version":"unaffected 0:8.7p1-38.el9_4.5 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Discovery 1.14","version":"unaffected sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63 * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","version":"","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","version":"affected V3.1.5 * custom","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-02-10T21:56:03.853Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-02-17T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2025","cve_id":"26465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"26465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"12.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"26465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"active_iq_unified_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmware_vsphere","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"26465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"ontap","cpe6":"9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"26465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"6.8","cpe7":"p1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"26465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"9.9","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"26465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"9.9","cpe7":"p1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"26465","vulnerable":"1","versionEndIncluding":"9.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"26465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"26465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2025-11-03T21:12:55.938Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html"},{"url":"https://www.openwall.com/lists/oss-security/2025/02/18/1"},{"url":"https://www.openwall.com/lists/oss-security/2025/02/18/4"},{"url":"https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1237040"},{"url":"https://security-tracker.debian.org/tracker/CVE-2025-26465"},{"url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig"},{"url":"https://ubuntu.com/security/CVE-2025-26465"},{"url":"https://www.openssh.com/releasenotes.html#9.9p2"},{"url":"https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466"},{"url":"https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html"},{"url":"https://security.netapp.com/advisory/ntap-20250228-0003/"},{"url":"https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh"},{"url":"https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh"},{"url":"http://seclists.org/fulldisclosure/2025/May/8"},{"url":"http://seclists.org/fulldisclosure/2025/May/7"},{"url":"http://seclists.org/fulldisclosure/2025/Feb/18"}],"title":"CVE Program Container"},{"metrics":[{"other":{"content":{"id":"CVE-2025-26465","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-02-19T15:02:09.369445Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-02-19T15:02:45.555Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["exploit"],"url":"https://seclists.org/oss-sec/2025/q1/144"}],"title":"CISA ADP Vulnrichment"},{"affected":[{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"V3.1.5","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T12:04:14.721Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"collectionURL":"https://www.openssh.com/","defaultStatus":"unaffected","packageName":"OpenSSH","repo":"https://anongit.mindrot.org/openssh.git","versions":[{"lessThanOrEqual":"9.9p1","status":"affected","version":"6.8p1","versionType":"custom"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"defaultStatus":"affected","packageName":"openssh","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.0p1-26.el8_10","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"defaultStatus":"affected","packageName":"openssh","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.0p1-26.el8_10","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos","cpe:/a:redhat:enterprise_linux:9::appstream"],"defaultStatus":"affected","packageName":"openssh","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.7p1-45.el9","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos","cpe:/a:redhat:enterprise_linux:9::appstream"],"defaultStatus":"affected","packageName":"openssh","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.7p1-45.el9","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:rhel_eus:9.4::baseos","cpe:/a:redhat:rhel_eus:9.4::appstream"],"defaultStatus":"affected","packageName":"openssh","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.7p1-38.el9_4.5","versionType":"rpm"}]},{"collectionURL":"https://catalog.redhat.com/software/containers/","cpes":["cpe:/a:redhat:discovery:1.14::el9"],"defaultStatus":"affected","packageName":"discovery/discovery-server-rhel9","product":"Red Hat Discovery 1.14","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"unaffected","packageName":"openssh","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unknown","packageName":"openssh","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unknown","packageName":"openssh","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","packageName":"rhcos","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"}],"datePublic":"2025-02-17T00:00:00.000Z","descriptions":[{"lang":"en","value":"A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-390","description":"Detection of Error Condition Without Action","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-01-29T18:20:15.981Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2025:16823","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:16823"},{"name":"RHSA-2025:3837","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:3837"},{"name":"RHSA-2025:6993","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:6993"},{"name":"RHSA-2025:8385","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:8385"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-26465"},{"url":"https://access.redhat.com/solutions/7109879"},{"name":"RHBZ#2344780","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344780"},{"url":"https://seclists.org/oss-sec/2025/q1/144"}],"timeline":[{"lang":"en","time":"2025-02-10T21:56:03.853Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-02-17T00:00:00.000Z","value":"Made public."}],"title":"Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-390: Detection of Error Condition Without Action"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2025-26465","datePublished":"2025-02-18T18:27:16.843Z","dateReserved":"2025-02-10T18:31:47.978Z","dateUpdated":"2026-05-12T12:04:14.721Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-02-18 19:15:29","lastModifiedDate":"2026-05-12 13:16:40","problem_types":["CWE-390","CWE-390 Detection of Error Condition Without Action"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndIncluding":"9.8","matchCriteriaId":"AD9E4318-20E3-420F-8EF5-7C05C3386586"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*","matchCriteriaId":"50836FA3-8116-4D58-B73E-B4830FB3A551"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:9.9:-:*:*:*:*:*:*","matchCriteriaId":"E2B53BBB-6916-478C-A896-77C7F7E7D5DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:9.9:p1:*:*:*:*:*:*","matchCriteriaId":"F7A2B794-BA83-4A01-BD2E-541F18CB9E37"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*","matchCriteriaId":"A20333EE-4C13-426E-8B54-D78679D5DDB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","matchCriteriaId":"46D69DCC-AE4D-4EA5-861C-D60951444C6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"26465","Ordinal":"1","Title":"Openssh: machine-in-the-middle attack if verifyhostkeydns is ena","CVE":"CVE-2025-26465","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"26465","Ordinal":"1","NoteData":"A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.","Type":"Description","Title":"Openssh: machine-in-the-middle attack if verifyhostkeydns is ena"}]}}}