New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

Two vulnerabilities in OpenSSH, CVE-2025-26465 and CVE-2025-26466, enable MitM and DoS attacks, respectively. CVE-2025-26465, impacting versions 6.8p1 to 9.9p1, allows MitM attacks when the VerifyHostKeyDNS option is enabled, potentially compromising SSH sessions. CVE-2025-26466, affecting versions 9.5p1 to 9.9p1, can lead to DoS attacks, causing resource exhaustion and disrupting server management.