[TheRegister] FreSSH bugs undiscovered for years threaten OpenSSH security
Qualys discovered the bugs in January, per its disclosure timeline. Patches for CVE-2025-26465 and CVE-2025-26466 were released this morning.
![[TheRegister] FreSSH bugs undiscovered for years threaten OpenSSH security](https://images.unsplash.com/photo-1629654297299-c8506221ca97?crop=entropy&cs=tinysrgb&fit=max&fm=jpg&ixid=M3wxMTc3M3wwfDF8c2VhcmNofDF8fGxpbnV4fGVufDB8fHx8MTc0MDg0ODA0N3ww&ixlib=rb-4.0.3&q=80&w=1200)
Qualys discovered the bugs in January, per its disclosure timeline. These vulnerabilities allow miscreants to perform machine-in-the-middle (MitM) attacks on the OpenSSH client and pre-authentication denial-of-service (DoS) attacks. Patches for CVE-2025-26465 and CVE-2025-26466 were released this morning.
OpenSSH bugs threaten enterprise security, uptime
Exploit code now available for MitM and DoS attacks
Connor Jones