OpenSSH Vulnerability CVE-2025-26465

Article ID: 395273

Updated On:

Products

VMware vCenter Server

Issue/Introduction

A security scan with the Qualys tool reported CVE-2025-26465 in vCenter Server at vulnerability level 4.

Environment

Telco Cloud Platform Version 5.0

vCenter Server 8U3d

VMware Photon OS 4.0

Openssh-clients-8.9p1-8.ph4.x86_64

Openssh-server-8.9p1-8.ph4.x86_64

Openssh-8.9p1-8.ph4.x86_64

Resolution

This issue is fixed in vCenter Server 8.0 Update 3g.

Additional Information

CVE-2025-26465 Description:
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

Commands to verify the OpenSSH version

Run the following command to verify the version being used in the environment.

  • Log in as the root user and print the full version of the OpenSSH packages in the product with the command below:

#rpm -qa | grep openssh

  • Then look at the patch version and compare it against the advisories listed here:

Photon OS Security Advisories
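
An added example, not part of the KB article or VMware's tooling: a POSIX shell helper that extracts the version-release from `rpm -qa` output for comparison with the advisory, and reads the effective `VerifyHostKeyDNS` value from `ssh -G` output, since the CVE description above applies only when that option is enabled. The function names, the sample input and the `FIXED_VR` placeholder are constructed; take the real fixed build from the advisory.

```shell
#!/bin/sh
# Added example, not from the KB article. Function names are hypothetical.

# stdin: `rpm -qa` lines (name-version-release.arch).
# stdout: "name version-release" for each openssh package.
parse_openssh_pkgs() {
    grep -i '^openssh' | while IFS= read -r pkg; do
        nvr=${pkg%.*}      # drop ".arch"
        rel=${nvr##*-}     # release, e.g. 8.ph4
        nv=${nvr%-*}       # name-version
        printf '%s %s-%s\n' "${nv%-*}" "${nv##*-}" "$rel"
    done
}

# True if version-release $1 sorts strictly below $2.
# Assumption: `sort -V` approximates rpm's ordering for builds of one stream.
is_older() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# stdin: output of `ssh -G <host>` (effective client configuration).
# stdout: "enabled" unless VerifyHostKeyDNS is absent, "no" or "false";
# anything else is treated conservatively as enabled.
vhkdns_state() {
    val=$(awk 'tolower($1) == "verifyhostkeydns" { print tolower($2); exit }')
    case "$val" in
        ''|no|false) echo disabled ;;
        *)           echo enabled ;;
    esac
}

# Demo on constructed input. On a live system use instead:
#   rpm -qa | parse_openssh_pkgs      and      ssh -G localhost | vhkdns_state
FIXED_VR='8.9p1-99.ph4'   # constructed placeholder, NOT the real fixed build
printf '%s\n' 'Openssh-clients-8.9p1-8.ph4.x86_64' 'zlib-1.2.13-1.ph4.x86_64' |
    parse_openssh_pkgs | while read -r name vr; do
        if is_older "$vr" "$FIXED_VR"; then
            echo "$name $vr: older than $FIXED_VR, check the advisory"
        else
            echo "$name $vr: at or above $FIXED_VR"
        fi
    done
printf 'user root\nverifyhostkeydns false\n' | vhkdns_state
```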
