CVE-2025-22869

CVSS 3.1 Score 7.5 of 10 (high)

Attack Complexity low
Availability high
Confidentiality none
Integrity none
Scope unchanged
Privileges Required none

Details

Published Feb 26, 2025
CWE ID 770

Summary

CVE-2025-22869 is a newly identified denial-of-service (DoS) vulnerability that affects SSH servers implementing file transfer protocols. The issue arises when clients deliberately slow down or fail to complete the key exchange during the file transfer process. As a result, pending content is read into server memory, consuming significant resources and causing a DoS condition. Servers that do not properly manage memory allocation during file transfers are particularly susceptible to this attack. To mitigate the risk, administrators are advised to apply patches and update their SSH servers as soon as possible. Additionally, implementing rate limiting and access control policies can help prevent excessive resource consumption from potential attackers.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share