{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-26465","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2025-02-10T18:31:47.978Z","datePublished":"2025-02-18T18:27:16.843Z","dateUpdated":"2026-05-12T12:04:14.721Z"},"containers":{"cna":{"title":"Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled","metrics":[{"other":{"content":{"value":"Moderate","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high."}],"affected":[{"repo":"https://anongit.mindrot.org/openssh.git","versions":[{"status":"affected","version":"6.8p1","versionType":"custom","lessThanOrEqual":"9.9p1"}],"packageName":"OpenSSH","collectionURL":"https://www.openssh.com/","defaultStatus":"unaffected"},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","defaultStatus":"affected","versions":[{"version":"0:8.0p1-26.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","defaultStatus":"affected","versions":[{"version":"0:8.0p1-26.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","defaultStatus":"affected","versions":[{"version":"0:8.7p1-45.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:enterprise_linux:9::baseos","cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","defaultStatus":"affected","versions":[{"version":"0:8.7p1-45.el9","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:enterprise_linux:9::baseos","cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","defaultStatus":"affected","versions":[{"version":"0:8.7p1-38.el9_4.5","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_eus:9.4::baseos","cpe:/a:redhat:rhel_eus:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Discovery 1.14","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","defaultStatus":"affected","versions":[{"version":"sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:discovery:1.14::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:16823","name":"RHSA-2025:16823","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:3837","name":"RHSA-2025:3837","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:6993","name":"RHSA-2025:6993","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:8385","name":"RHSA-2025:8385","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/security/cve/CVE-2025-26465","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/solutions/7109879"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344780","name":"RHBZ#2344780","tags":["issue-tracking","x_refsource_REDHAT"]},{"url":"https://seclists.org/oss-sec/2025/q1/144"}],"datePublic":"2025-02-17T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-390","description":"Detection of Error Condition Without Action","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-390: Detection of Error Condition Without Action","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"timeline":[{"lang":"en","time":"2025-02-10T21:56:03.853Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-02-17T00:00:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-01-29T18:20:15.981Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html"},{"url":"https://www.openwall.com/lists/oss-security/2025/02/18/1"},{"url":"https://www.openwall.com/lists/oss-security/2025/02/18/4"},{"url":"https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1237040"},{"url":"https://security-tracker.debian.org/tracker/CVE-2025-26465"},{"url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig"},{"url":"https://ubuntu.com/security/CVE-2025-26465"},{"url":"https://www.openssh.com/releasenotes.html#9.9p2"},{"url":"https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466"},{"url":"https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html"},{"url":"https://security.netapp.com/advisory/ntap-20250228-0003/"},{"url":"https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh"},{"url":"https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh"},{"url":"http://seclists.org/fulldisclosure/2025/May/8"},{"url":"http://seclists.org/fulldisclosure/2025/May/7"},{"url":"http://seclists.org/fulldisclosure/2025/Feb/18"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:12:55.938Z"}},{"references":[{"url":"https://seclists.org/oss-sec/2025/q1/144","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-19T15:02:09.369445Z","id":"CVE-2025-26465","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-19T15:02:45.555Z"}},{"x_adpType":"supplier","providerMetadata":{"orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP","dateUpdated":"2026-05-12T12:04:14.721Z"},"affected":[{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.5","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.5","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.5","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.5","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.5","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-082556.html"}]}]}}