Spoofing Vulnerability in MIT Kerberos Implemented in Various Products
CVE-2025-3576

5.9 MEDIUM

What is CVE-2025-3576?

A vulnerability in the MIT Kerberos implementation exposes GSSAPI-protected messages to spoofing attacks. The issue stems from weaknesses in the MD5 checksum design when RC4-HMAC-MD5 is used as the encryption standard. An attacker able to exploit this vulnerability could create MD5 collisions, forge message integrity codes, and manipulate message content without detection. Such unauthorized tampering could compromise the integrity and confidentiality of communications secured by Kerberos.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
