CVE-2025-3576
MEDIUMRed Hat Enterprise Linux - Message Spoofing via RC4-HMAC-MD5 Weakness in MIT Kerberos GSSAPI
Title source: llmDescription
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
References (16)
Core 16
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:11487
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:13664
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:13777
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:15000
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:15001
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:15002
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:15003
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:15004
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:8411
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:9418
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:9430
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-3576
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2359465
Various Sources
https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-577017.html
Scores
CVSS v3
5.9
EPSS
0.0028
EPSS Percentile
19.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-328
Status
published
Products (18)
Red Hat/Red Hat Discovery 2
sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3
Red Hat/Red Hat Enterprise Linux 10
0:1.21.3-8.el10_0
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
0:1.18.2-32.el8_10
Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support
0:1.17-19.el8_2.3
Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
0:1.18.2-9.el8_4.3
Red Hat/Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
0:1.18.2-9.el8_4.3
Red Hat/Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
0:1.18.2-16.el8_6.4
Red Hat/Red Hat Enterprise Linux 8.6 Telecommunications Update Service
0:1.18.2-16.el8_6.4
... and 8 more
Published
Apr 15, 2025
Tracked Since
Feb 18, 2026