OpenSSH has released updates to fix two vulnerabilities: a man-in-the-middle (MitM) flaw (CVE-2025-26465) that has existed since 2014, and a denial of service (DoS) vulnerability (CVE-2025-26466) introduced in 2023. The MitM flaw allows attackers to exploit insecure host key verification, while the DoS vulnerability can lead to excessive resource consumption. Users are urged to upgrade to version 9.9p2, disable the VerifyHostKeyDNS feature, and impose connection rate limits to mitigate the risks.
New OpenSSH Flaws Expose SSH Servers to MiTM and DoS Attacks
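
A shell check for the three mitigations in the summary above, added here as an example and not taken from the article or the OpenSSH project. It reads `ssh -V`, `ssh -G` and `sshd -T` style output; treating LoginGraceTime, MaxStartups and PerSourcePenalties as the rate-limit directives is an assumption, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not from the article. Audits the three mitigations it names.

# 0 if an `ssh -V` string is >= 9.9p2, 1 if older, 2 if unparseable.
# Caveat: distributions may backport fixes without changing this string.
version_is_fixed() {
    v=$(printf '%s\n' "$1" | sed -n \
's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\)\(p\([0-9][0-9]*\)\)\{0,1\}.*/\1 \2 \4/p')
    [ -n "$v" ] || return 2
    set -- $v                      # $1=major $2=minor $3=portable patch level
    [ "$1" -gt 9 ] && return 0
    [ "$1" -lt 9 ] && return 1
    [ "$2" -gt 9 ] && return 0
    [ "$2" -lt 9 ] && return 1
    [ "${3:-0}" -ge 2 ]
}

# Reads `ssh -G <host>` output on stdin.
# 0 = VerifyHostKeyDNS disabled, 1 = enabled (yes/true/ask), 2 = not in input.
client_dns_check() {
    val=$(awk '$1 == "verifyhostkeydns" { print $2; exit }')
    case "$val" in
        no|false) return 0 ;;
        "")       echo "UNKNOWN: verifyhostkeydns not in input"; return 2 ;;
        *)        echo "FINDING: verifyhostkeydns=$val"; return 1 ;;
    esac
}

# Reads `sshd -T` output on stdin and prints one line per observation.
# Assumption: these directives are how connection rate limits are imposed.
# PerSourcePenalties is only printed by servers that support it.
server_limit_findings() {
    awk '
        $1 == "logingracetime" && $2 == 0 {
            print "FINDING: LoginGraceTime 0 (no deadline before authentication)" }
        $1 == "persourcepenalties" && $2 == "no" {
            print "FINDING: PerSourcePenalties disabled" }
        $1 == "maxstartups" { print "INFO: MaxStartups " $2 }'
}

# Constructed sample inputs, not captured from a real host.
sample_client='hostname host.example
verifyhostkeydns ask'
sample_server='logingracetime 0
maxstartups 10:30:100
persourcepenalties no'
version_is_fixed "OpenSSH_9.6p1, OpenSSL 3.0.13" || echo "FINDING: older than 9.9p2"
printf '%s\n' "$sample_client" | client_dns_check || true
printf '%s\n' "$sample_server" | server_limit_findings
```

On a live system, feed the functions from `ssh -V 2>&1`, `ssh -G <host>` and `sshd -T` (run as root) instead of the samples.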
