Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-3576

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-15 Apr, 2025 | 05:55
Updated At-13 Aug, 2025 | 08:59
Rejected At-
Credits

Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:15 Apr, 2025 | 05:55
Updated At:13 Aug, 2025 | 08:59
Rejected At:
▼CVE Numbering Authority (CNA)
Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

Affected Products
Collection URL
https://web.mit.edu/kerberos/
Package Name
krb5
Default Status
unaffected
Versions
Affected
  • From 0 before 1.22 (semver)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 10
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
krb5
CPEs
  • cpe:/o:redhat:enterprise_linux:10.0
Default Status
affected
Versions
Unaffected
  • From 0:1.21.3-8.el10_0 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
krb5
CPEs
  • cpe:/o:redhat:enterprise_linux:8::baseos
Default Status
affected
Versions
Unaffected
  • From 0:1.18.2-32.el8_10 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
krb5
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
  • cpe:/o:redhat:enterprise_linux:9::baseos
Default Status
affected
Versions
Unaffected
  • From 0:1.21.1-8.el9_6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
krb5
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
  • cpe:/o:redhat:enterprise_linux:9::baseos
Default Status
affected
Versions
Unaffected
  • From 0:1.21.1-8.el9_6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
krb5
CPEs
  • cpe:/a:redhat:rhel_e4s:9.2::appstream
  • cpe:/o:redhat:rhel_e4s:9.2::baseos
Default Status
affected
Versions
Unaffected
  • From 0:1.20.1-9.el9_2.3 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.4 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
krb5
CPEs
  • cpe:/a:redhat:rhel_eus:9.4::appstream
  • cpe:/o:redhat:rhel_eus:9.4::baseos
Default Status
affected
Versions
Unaffected
  • From 0:1.21.1-2.el9_4.2 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Discovery 2
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
registry.redhat.io/discovery/discovery-server-rhel9
CPEs
  • cpe:/a:redhat:discovery:2::el9
Default Status
affected
Versions
Unaffected
  • From sha256:bd9cb502def3153c193713b56372694cb555a71b38d4fc0fd9d021bccc5602de before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
aap-cloud-metrics-collector-container
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ansible-automation-platform-24/ee-minimal-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ansible-automation-platform-24/ee-supported-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ansible-automation-platform-24/platform-resource-runner-rhel8
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ansible-automation-platform-25/ansible-builder-rhel8
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
krb5
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
krb5
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat OpenShift Container Platform 4
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhcos
CPEs
  • cpe:/a:redhat:openshift:4
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-328Use of Weak Hash
Type: CWE
CWE ID: CWE-328
Description: Use of Weak Hash
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Exploits
Credits
Timeline
EventDate
Reported to Red Hat.2025-04-14 11:00:53
Made public.2025-04-15 00:00:00
Event: Reported to Red Hat.
Date: 2025-04-14 11:00:53
Event: Made public.
Date: 2025-04-15 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2025:11487
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13664
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:13777
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:8411
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:9418
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:9430
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-3576
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2359465
issue-tracking
x_refsource_REDHAT
https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:11487
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:13664
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:13777
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:8411
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:9418
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:9430
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2025-3576
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2359465
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html
N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:15 Apr, 2025 | 06:15
Updated At:13 Aug, 2025 | 09:15

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-328Secondarysecalert@redhat.com
CWE ID: CWE-328
Type: Secondary
Source: secalert@redhat.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2025:11487secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:13664secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:13777secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:8411secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:9418secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:9430secalert@redhat.com
N/A
https://access.redhat.com/security/cve/CVE-2025-3576secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2359465secalert@redhat.com
N/A
https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.htmlsecalert@redhat.com
N/A
https://lists.debian.org/debian-lts-announce/2025/05/msg00047.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:11487
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:13664
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:13777
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:8411
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:9418
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:9430
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2025-3576
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2359465
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2023-3347
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.42% / 61.02%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 14:54
Updated-06 Dec, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba: smb2 packet signing is not enforced when "server signing = required" is set

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

Action-Not Available
Vendor-SambaFedora ProjectRed Hat, Inc.
Product-storageenterprise_linuxfedorasambaRed Hat Enterprise Linux 9Red Hat Storage 3Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CVE-2023-7008
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.29% / 52.37%
||
7 Day CHG~0.00%
Published-23 Dec, 2023 | 13:00
Updated-23 Nov, 2024 | 03:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

Action-Not Available
Vendor-systemd_projectDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxsystemdRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Cryostat 2
CWE ID-CWE-300
Channel Accessible by Non-Endpoint
CVE-2024-3049
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.62% / 69.02%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 05:30
Updated-01 Aug, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Booth: specially crafted hash can lead to invalid hmac being accepted by booth server

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

Action-Not Available
Vendor-clusterlabsRed Hat, Inc.
Product-enterprise_linux_for_ibm_z_systems_eusenterprise_linux_server_update_services_for_sap_solutionsboothenterprise_linuxenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_for_arm_64Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
Details not found