CVE-2025-3576

Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions

Description

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

INFO

Published Date :

2025-04-15T05:55:26.732Z

Last Modified :

2026-02-17T07:33:07.311Z

Source :

redhat

AFFECTED PRODUCTS

The following products are affected by CVE-2025-3576 vulnerability.

Vendors	Products
Redhat	Discovery Enterprise Linux Openshift Rhel Aus Rhel E4s Rhel Eus Rhel Eus Long Life Rhel Tus

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-3576.

URL	Resource
https://access.redhat.com/errata/RHSA-2025:11487
https://access.redhat.com/errata/RHSA-2025:13664
https://access.redhat.com/errata/RHSA-2025:13777
https://access.redhat.com/errata/RHSA-2025:15000
https://access.redhat.com/errata/RHSA-2025:15001
https://access.redhat.com/errata/RHSA-2025:15002
https://access.redhat.com/errata/RHSA-2025:15003
https://access.redhat.com/errata/RHSA-2025:15004
https://access.redhat.com/errata/RHSA-2025:8411
https://access.redhat.com/errata/RHSA-2025:9418
https://access.redhat.com/errata/RHSA-2025:9430
https://access.redhat.com/security/cve/CVE-2025-3576
https://bugzilla.redhat.com/show_bug.cgi?id=2359465
https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html
https://nvd.nist.gov/vuln/detail/CVE-2025-3576
https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html
https://www.cve.org/CVERecord?id=CVE-2025-3576

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact