CVE-2025-2545

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-2545
Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.
CVSS

No CVSS.

References
Link Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical
https://docs.bestpractical.com/release-notes/rt/4.4.8
https://docs.bestpractical.com/release-notes/rt/5.0.8
https://lists.debian.org/debian-lts-announce/2025/05/msg00009.html
Configurations

No configuration.

History

03 Nov 2025, 20:18

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/05/msg00009.html -
Summary (es) Vulnerabilidad en el Request Tracker v5.0.7 de Best Practical Solutions, LLC, donde se utiliza el algoritmo criptográfico Triple DES (3DES) dentro del código SMIME para cifrar correos electrónicos S/MIME. Triple DES se considera obsoleto e inseguro debido a su susceptibilidad a ataques de cumpleaños, que podrían comprometer la confidencialidad de los mensajes cifrados. (es) Vulnerabilidad en las versiones de Request Tracker anteriores a 5.0.8 de Best Practical Solutions, LLC,, donde se utiliza el algoritmo criptográfico Triple DES (3DES) para proteger los correos enviados con cifrado S/MIME. El algoritmo Triple DES se considera obsoleto e inseguro debido a su susceptibilidad a ataques de cumpleaños, lo que podría comprometer la confidencialidad de los mensajes cifrados.

29 May 2025, 11:15

Type Values Removed Values Added
Summary (en) Vulnerability in Best Practical Solutions, LLC's Request Tracker v5.0.7, where the Triple DES (3DES) cryptographic algorithm is used within SMIME code to encrypt S/MIME emails. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages. (en) Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.

28 May 2025, 18:15

Type Values Removed Values Added
References
  • () https://docs.bestpractical.com/release-notes/rt/4.4.8 -
  • () https://docs.bestpractical.com/release-notes/rt/5.0.8 -
Summary
  • (es) Vulnerabilidad en el Request Tracker v5.0.7 de Best Practical Solutions, LLC, donde se utiliza el algoritmo criptográfico Triple DES (3DES) dentro del código SMIME para cifrar correos electrónicos S/MIME. Triple DES se considera obsoleto e inseguro debido a su susceptibilidad a ataques de cumpleaños, que podrían comprometer la confidencialidad de los mensajes cifrados.

05 May 2025, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-05 12:15

Updated : 2025-11-03 20:18

NVD link : CVE-2025-2545

Mitre link : CVE-2025-2545

CVE.ORG link : CVE-2025-2545

JSON object : View

Products Affected

No product.

CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm