How severe is CVE-2025-26465?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2025-26465?

This is classified as CWE-390, which is a common weakness in software security.

CVE-2025-26465 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

Related Vulnerabilities

CVE-2025-25204

MEDIUM

CVSS:6.3(Medium)

`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` c...

CWE-3902025

CVE-2024-12086

MEDIUM

CVSS:6.1(Medium)

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. Du...

CWE-3902024

CVE-2024-27919

HIGH

CVSS:7.5(High)

Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does ...

CWE-3902024

CVE-2017-7485

MEDIUM

CVSS:5.9(Medium)

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection...

CWE-3902017

CVE-2024-11942

MEDIUM

CVSS:5.9(Medium)

A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.

CWE-3902024

CVE-2024-20316

MEDIUM

CVSS:5.8(Medium)

A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured ...

CWE-3902024