Spoofing Vulnerability in MIT Kerberos Implemented in Various Products
CVE-2025-3576

5.9MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Ansible Automation Platform 2
Vendor
CVE Published:
15 April 2025

What is CVE-2025-3576?

A vulnerability exists in the MIT Kerberos implementation that exposes GSSAPI-protected messages to spoofing attacks. This issue arises from weaknesses in the MD5 checksum design when using RC4-HMAC-MD5 as the encryption standard. If an attacker is able to exploit this vulnerability, they could create MD5 collisions, allowing them to forge message integrity codes and manipulate message content without detection. Such unauthorized tampering could compromise the integrity and confidentiality of communications secured by Kerberos.

Affected Version(s)

Red Hat Enterprise Linux 10 0:1.21.3-8.el10_0

Red Hat Enterprise Linux 8 0:1.18.2-32.el8_10

Red Hat Enterprise Linux 9 0:1.21.1-8.el9_6

References

https://access.redhat.com/errata/RHSA-2025:8411
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:9418
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:9430
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.