- 46/2025
- Medium
OpenSSH released a security update to fix multiple vulnerabilities affecting OpenSSH version 9.9p1 and prior.
The addressed vulnerabilities could allow the remote attacker to perform denial-of-service attacks or conduct man-in-the-middle attacks and obtain sensitive information from the affected systems.
1. OpenSSH Information Disclosure Vulnerability (CVE-2025-26465):
- CVSS: 6.8
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
2. OpenSSH Denial of Services Vulnerability (CVE-2025-26466):
- CVSS: 5.9
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
- CVE-2025-26465
- CVE-2025-26466
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed and should check with its vendors for updates if any.