Spoofing Vulnerability in MIT Kerberos Implemented in Various Products
CVE-2025-3576

5.9MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 15 April 2025

Summary

A vulnerability exists in the MIT Kerberos implementation that exposes GSSAPI-protected messages to spoofing attacks. This issue arises from weaknesses in the MD5 checksum design when using RC4-HMAC-MD5 as the encryption standard. If an attacker is able to exploit this vulnerability, they could create MD5 collisions, allowing them to forge message integrity codes and manipulate message content without detection. Such unauthorized tampering could compromise the integrity and confidentiality of communications secured by Kerberos.

References

https://access.redhat.com/security/cve/CVE-2025-3576

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2359465

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Apr 14, 2025