WARNING: OPENSSH VULNERABILITIES EXPOSE CLIENTS AND SERVERS TO MAN-IN-THE-MIDDLE AND DENIAL-OF-SERVICE ATTACKS, PATCH IMMEDIATELY!

Published: 19/02/2025

Reference:
Advisory #2025-39

Version:
1.0

Affected software:
OpenSSH versions 6.8p1 to 9.9p1 (inclusive)

Type:
CWE-390: Detection of Error Condition Without Action; CWE-400: Uncontrolled Resource Consumption

CVE/CVSS:
CVE-2025-26465: CVSS 6.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)
CVE-2025-26466: CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Sources

CVE-2025-26465: https://access.redhat.com/security/cve/CVE-2025-26465

CVE-2025-26466: https://access.redhat.com/security/cve/CVE-2025-26466

Vendor: https://www.openssh.com/releasenotes.html#9.9p2

Risks

On February 18, 2025, two vulnerabilities affecting both the client and server of the widely used OpenSSH package were disclosed. OpenSSH is an open-source implementation of the Secure Shell protocol, which enables encrypted communication and is a critical service for remote system management.

While no active exploitation of these vulnerabilities has been observed, SSH services remain a popular target for attackers.

A successful exploitation of the more severe vulnerability could allow an attacker to position themselves for a man-in-the-middle (MITM) attack, compromising the integrity and confidentiality of the SSH connection.

Description

CVE-2025-26465 (Man-in-the-Middle Attack on OpenSSH Client), CVSS 6.9
An attacker could exploit this vulnerability when the VerifyHostKeyDNS option is set to "yes" or "ask" (the option is disabled by default). In this scenario, an attacker could perform a man-in-the-middle (MITM) attack by impersonating the SSH server, allowing them to intercept or manipulate the SSH connection. Note that the VerifyHostKeyDNS option was enabled by default on FreeBSD from September 2013 to March 2023.

CVE-2025-26466 (Pre-authentication Denial of Service Attack on OpenSSH Client and Server), CVSS 5.9
This vulnerability allows an attacker to trigger an asymmetric resource consumption attack (using excessive CPU and memory) on both the OpenSSH client and server, which can lead to a denial of service (DoS) before authentication.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. The vulnerabilities are addressed in OpenSSH version 9.9p2. You can find the release notes at https://www.openssh.com/releasenotes.html#9.9p2.
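To help triage a host against the affected version range and the VerifyHostKeyDNS precondition described above, the following POSIX shell script is an added example, not part of the CCB advisory. It assumes the standard OpenSSH banner format printed by ssh -V (OpenSSH_X.YpZ ...) and the standard client config paths /etc/ssh/ssh_config and ~/.ssh/config; files pulled in via Include are not followed.

```shell
#!/bin/sh
# Added example (not from the CCB advisory): flag an OpenSSH install that is
# in the affected range 6.8p1..9.9p1, and a client config that enables
# VerifyHostKeyDNS, the precondition for CVE-2025-26465.

# Turn a banner such as "OpenSSH_9.6p1 Ubuntu-3ubuntu13" or "9.9p2" into a
# sortable integer major*10000 + minor*100 + patch (9.6p1 -> 90601).
openssh_version_key() {
    fields=$(printf '%s\n' "$1" | sed -n \
        's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)p\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$fields" ] || return 1            # no X.YpZ pattern in the string
    set -- $fields
    echo $(( $1 * 10000 + $2 * 100 + $3 ))
}

# True (exit 0) when the version lies in 6.8p1 .. 9.9p1 inclusive.
openssh_is_affected() {
    key=$(openssh_version_key "$1") || return 2
    [ "$key" -ge 60801 ] && [ "$key" -le 90901 ]
}

# True when the ssh_config text given as $1 sets VerifyHostKeyDNS to yes or
# ask. Comment lines start with '#', and the option may use "key value" or
# "key=value". Host/Match scoping is ignored: any enabling line is flagged.
config_enables_verifyhostkeydns() {
    printf '%s\n' "$1" \
        | grep -qiE '^[[:space:]]*VerifyHostKeyDNS[[:space:]=]+(yes|ask)[[:space:]]*$'
}

# Inspect the local client: version banner (ssh -V writes it to stderr) and
# the two standard config files (Include'd files such as ssh_config.d are not followed).
check_local_host() {
    ver=$(ssh -V 2>&1)
    if openssh_is_affected "$ver"; then
        echo "AFFECTED: $ver (upgrade to OpenSSH 9.9p2 or later)"
    else
        echo "not in affected range or unparsable: $ver"
    fi
    for f in /etc/ssh/ssh_config "$HOME/.ssh/config"; do
        [ -r "$f" ] || continue
        if config_enables_verifyhostkeydns "$(cat "$f")"; then
            echo "RISK: VerifyHostKeyDNS enabled in $f (CVE-2025-26465 precondition)"
        fi
    done
}
# Run the local inspection only with --local, so the functions can also be sourced.
if [ "${1:-}" = "--local" ]; then
    check_local_host
fi
```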

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Researchers' blog: https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466