CVE-2025-3576

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:11487
https://access.redhat.com/errata/RHSA-2025:13664
https://access.redhat.com/errata/RHSA-2025:13777
https://access.redhat.com/errata/RHSA-2025:15000
https://access.redhat.com/errata/RHSA-2025:15001
https://access.redhat.com/errata/RHSA-2025:15002
https://access.redhat.com/errata/RHSA-2025:15003
https://access.redhat.com/errata/RHSA-2025:15004
https://access.redhat.com/errata/RHSA-2025:8411
https://access.redhat.com/errata/RHSA-2025:9418
https://access.redhat.com/errata/RHSA-2025:9430
https://access.redhat.com/security/cve/CVE-2025-3576
https://bugzilla.redhat.com/show_bug.cgi?id=2359465
https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html

Configurations

No configuration.

History

No history.

Information

Published : 2025-04-15 06:15

Updated : 2025-09-02 10:15

NVD link : CVE-2025-3576

Mitre link : CVE-2025-3576

CVE.ORG link : CVE-2025-3576

JSON object : View

Products Affected

No product.

CWE

CWE-328

Use of Weak Hash

{"id": "CVE-2025-3576", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2025-04-15T06:15:44.047", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:11487", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:13664", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:13777", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:15000", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:15001", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:15002", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:15003", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:15004", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:8411", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9418", "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9430", "source": "[email protected]"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-3576", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", "source": "[email protected]"}, {"url": "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-328"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de MIT Kerberos permite la falsificaci\u00f3n de mensajes protegidos por GSSAPI que utilizan RC4-HMAC-MD5 debido a debilidades en el dise\u00f1o de la suma de comprobaci\u00f3n MD5. Si se prefiere RC4 a tipos de cifrado m\u00e1s robustos, un atacante podr\u00eda aprovechar las colisiones MD5 para falsificar c\u00f3digos de integridad de mensajes. Esto podr\u00eda provocar la manipulaci\u00f3n no autorizada de mensajes."}], "lastModified": "2025-09-02T10:15:34.320", "sourceIdentifier": "[email protected]"}