OpenSSH Vulnerability CVE-2025-26465 reported in Aria Operations

Article ID: 395405

Products

VMware Aria Suite

Issue/Introduction

  • OpenSSH vulnerability CVE-2025-26465 has been identified in Aria Operations nodes and Cloud Proxy.
  • CVE-2025-26465: This vulnerability is caused by a logic flaw in OpenSSH that could allow a man-in-the-middle (MITM) attacker to impersonate a trusted server when the VerifyHostKeyDNS option is enabled. By default, this option is disabled, which limits exposure in standard configurations.

Environment

VMware Aria Operations 8.18.x

Resolution

  • Vulnerability 'CVE-2025-26465' has been addressed in Aria Operations 8.18.3 and above as part of the Photon OS 5 update (OpenSSH 9.3p2-12.ph5).
  • Use the following command to verify the OpenSSH version: rpm -qa | grep openssh
  • Sample output from version 8.18.3:
    root@AriaOps [ ~ ]# rpm -qa | grep openssh
    openssh-clients-9.3p2-12.ph5.x86_64
    openssh-server-9.3p2-12.ph5.x86_64
    openssh-9.3p2-12.ph5.x86_64
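
The two checks above (package build and the VerifyHostKeyDNS setting) can be scripted as follows. This is an added example, not VMware-provided code; the function names are hypothetical, and it assumes GNU sort (-V) and an OpenSSH client that supports `ssh -G`.

```shell
#!/usr/bin/env bash
# Added example, not VMware code. Assumes GNU sort (-V) and an ssh client with -G.

FIXED_VR="9.3p2-12.ph5"   # fixed Photon OS 5 build named in this article

# stdin: `rpm -qa` output. Prints each openssh* package older than FIXED_VR.
# sort -V is used as an approximation of RPM version ordering.
older_openssh_pkgs() {
  local pkg vr lowest
  while IFS= read -r pkg; do
    vr=$(printf '%s\n' "$pkg" |
         sed -En 's/^openssh(-[a-z-]+)?-([0-9][^-]*-[^-]*)\.[^.]+$/\2/p')
    if [ -z "$vr" ] || [ "$vr" = "$FIXED_VR" ]; then continue; fi
    lowest=$(printf '%s\n%s\n' "$vr" "$FIXED_VR" | sort -V | head -n1)
    if [ "$lowest" = "$vr" ]; then printf '%s\n' "$pkg"; fi
  done
  return 0
}

# stdin: `ssh -G <host>` output (the effective client configuration).
# Returns 0 when VerifyHostKeyDNS is on (yes/true/ask), 1 otherwise (default: off).
verifyhostkeydns_enabled() {
  awk 'tolower($1) == "verifyhostkeydns" { v = tolower($2) }
       END { exit !(v == "yes" || v == "true" || v == "ask") }'
}

# Live check on a node; "localhost" is only a placeholder host for ssh -G.
check_node() {
  local old
  old=$(rpm -qa | older_openssh_pkgs)
  if [ -n "$old" ]; then
    printf 'Older than %s:\n%s\n' "$FIXED_VR" "$old"
  else
    echo "openssh packages are at or above $FIXED_VR"
  fi
  if ssh -G localhost | verifyhostkeydns_enabled; then
    echo "VerifyHostKeyDNS is enabled for this client"
  else
    echo "VerifyHostKeyDNS is disabled (default)"
  fi
}

# Run the live check only when asked: ./check.sh --live
if [ "${1:-}" = "--live" ]; then check_node; fi
```

Run it with `--live` on the node as root; without that argument it only defines the functions.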

 

Additional Information

This CVE is not included in the fixed CVE list as its CVSS score is below 7.