Vulnerability Description
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2025:11487
- https://access.redhat.com/errata/RHSA-2025:13664
- https://access.redhat.com/errata/RHSA-2025:13777
- https://access.redhat.com/errata/RHSA-2025:15000
- https://access.redhat.com/errata/RHSA-2025:15001
- https://access.redhat.com/errata/RHSA-2025:15002
- https://access.redhat.com/errata/RHSA-2025:15003
- https://access.redhat.com/errata/RHSA-2025:15004
- https://access.redhat.com/errata/RHSA-2025:8411
- https://access.redhat.com/errata/RHSA-2025:9418
- https://access.redhat.com/errata/RHSA-2025:9430
- https://access.redhat.com/security/cve/CVE-2025-3576
- https://bugzilla.redhat.com/show_bug.cgi?id=2359465
- https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html
FAQ
What is CVE-2025-3576?
CVE-2025-3576 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger enc...
How severe is CVE-2025-3576?
CVE-2025-3576 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-3576?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.