CVE-2025-3576

low-risk

Published 2025-04-15

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

Do I need to act?

0.23% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

References (15)

https://access.redhat.com/errata/RHSA-2025:11487

https://access.redhat.com/errata/RHSA-2025:13664

https://access.redhat.com/errata/RHSA-2025:13777

https://access.redhat.com/errata/RHSA-2025:15000

https://access.redhat.com/errata/RHSA-2025:15001

https://access.redhat.com/errata/RHSA-2025:15002

https://access.redhat.com/errata/RHSA-2025:15003

https://access.redhat.com/errata/RHSA-2025:15004

https://access.redhat.com/errata/RHSA-2025:8411

https://access.redhat.com/errata/RHSA-2025:9418

https://access.redhat.com/errata/RHSA-2025:9430

https://access.redhat.com/security/cve/CVE-2025-3576

https://bugzilla.redhat.com/show_bug.cgi?id=2359465

https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html

https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal