How to apply mitigation for CVE-2025-26465?
Environment
- Red Hat Enterprise Linux 7 and higher
- OpenSSH
Issue
- I want to apply mitigation for CVE-2025-26465
Resolution
Please follow the procedure described in the Diagnostic Steps section. If this is a match, proceed further, otherwise or if in doubt, open a case on the Customer Portal referencing this solution.
It is important to note that the first condition for this vulnerability to be exploited is for the OpenSSH client to have the VerifyHostKeyDNS option enabled. This, however, is disabled by default in Red Hat Enterprise Linux (RHEL). If you have enabled this manually, we suggest disabling it in order to mitigate the issue:
Disable the VerifyHostKeyDNS option in the /etc/ssh/ssh_config file if it is enabled (the same applies to any drop-in file under /etc/ssh/ssh_config.d/ that sets it):
```
# vim /etc/ssh/ssh_config
VerifyHostKeyDNS no
```
It is also important to note that the vulnerability has been fixed in RHEL 9 and RHEL 8 through official errata updates.
Red Hat Enterprise Linux 9
- Fixed in errata RHSA-2025:6993, released on May 13, 2025.
Red Hat Enterprise Linux 8
- Fixed in errata RHSA-2025:16823, released on September 25, 2025.
Please see the official CVE page for the fix updates for Red Hat Enterprise Linux (RHEL) 9 and 8. Red Hat Enterprise Linux (RHEL) 7 is out of the support scope for this CVE.
Root Cause
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legitimate server. This issue occurs because OpenSSH mishandles error codes under specific conditions when verifying the host key. For an attack to succeed, the attacker first needs to exhaust the client's memory resources, which makes the attack complexity high.
Diagnostic Steps
Verify whether the VerifyHostKeyDNS option is present and enabled:
```
# grep VerifyHostKeyDNS /etc/ssh/ssh_config /etc/ssh/ssh_config.d/*
/etc/ssh/ssh_config:VerifyHostKeyDNS yes
```
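The grep above only finds lines that mention the option; it does not tell you which value OpenSSH will actually use. The script below is an added example (not part of this Red Hat solution) that reports the effective VerifyHostKeyDNS value across a set of ssh_config-style files, taking into account that OpenSSH keeps the first value it obtains, that keywords are case-insensitive, that `=` is an accepted separator and that commented-out lines have no effect. The sample files it creates are constructed for the demo; on a live system, `ssh -G <host>` prints the fully resolved configuration, including Host/Match blocks, which this script does not evaluate.

```shell
#!/bin/sh
# Added example (not from the Red Hat article): effective VerifyHostKeyDNS
# value over ssh_config-style files. OpenSSH uses the FIRST value it obtains,
# so pass files in the order OpenSSH reads them (Include'd drop-ins at the
# point of the Include line, then the rest of /etc/ssh/ssh_config).

# Usage: verifyhostkeydns_state FILE...   -> prints "yes", "no", "ask" or "unset"
verifyhostkeydns_state() {
    cat "$@" 2>/dev/null | awk '
        {
            sub(/#.*/, "")            # drop comments
            $0 = tolower($0)          # keywords are case-insensitive
            gsub(/=/, " ")            # "Key=value" -> "Key value"; re-splits fields
            if (NF == 0) next         # blank or comment-only line
            if ($1 == "verifyhostkeydns") { print $2; found = 1; exit }
        }
        END { if (!found) print "unset" }'
}

# Exit status 0 when the option is enabled. Anything other than "no"/unset
# (including "ask") is treated as enabled, the conservative reading for a check.
verifyhostkeydns_enabled() {
    s=$(verifyhostkeydns_state "$@")
    [ "$s" != "no" ] && [ "$s" != "unset" ]
}

# Constructed sample file set (hypothetical contents) in a temporary directory.
make_sample_config() {
    d=$(mktemp -d)
    mkdir -p "$d/ssh_config.d"
    printf '%s\n' \
        'GSSAPIAuthentication yes' \
        '  VerifyHostKeyDNS = Yes   # enabled by a local admin' \
        > "$d/ssh_config.d/50-local.conf"
    printf '%s\n' \
        '# VerifyHostKeyDNS no     <- commented out, has no effect' \
        'Host *' \
        '    ForwardX11 no' \
        > "$d/ssh_config"
    echo "$d"
}

# Stand-alone run: drop-ins first, as when ssh_config starts with
# "Include /etc/ssh/ssh_config.d/*.conf" (assumed layout for the demo).
dir=$(make_sample_config)
echo "VerifyHostKeyDNS: $(verifyhostkeydns_state "$dir"/ssh_config.d/*.conf "$dir/ssh_config")"
rm -rf "$dir"
```

Run it against the real files with `verifyhostkeydns_state /etc/ssh/ssh_config.d/*.conf /etc/ssh/ssh_config` (adjusting the order to match where the Include line sits in your ssh_config), and disable the option in whichever file supplies the first value.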
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.