CVE-2025-3576

Medium CVSS: 5.9

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

Vendor

Product

CWE

CWE-328

Yayın Tarihi

2025-04-15 06:15:44

Güncelleme

2025-09-02 10:15:34

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-328 MEDIUM 2025

Referanslar

https://access.redhat.com/errata/RHSA-2025:11487 https://access.redhat.com/errata/RHSA-2025:13664 https://access.redhat.com/errata/RHSA-2025:13777 https://access.redhat.com/errata/RHSA-2025:15000 https://access.redhat.com/errata/RHSA-2025:15001 https://access.redhat.com/errata/RHSA-2025:15002 https://access.redhat.com/errata/RHSA-2025:15003 https://access.redhat.com/errata/RHSA-2025:15004 https://access.redhat.com/errata/RHSA-2025:8411 https://access.redhat.com/errata/RHSA-2025:9418 https://access.redhat.com/errata/RHSA-2025:9430 https://access.redhat.com/security/cve/CVE-2025-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2359465 https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html