CVE-2025-2545 — Use of a Broken or Risky Cryptographic Algorithm in Practical Solutions Request Tracker

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm6 documents5 sources

Severity

2.3LOWNVD

OSV7.5

EPSS

0.1%

top 64.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Best Practical Solutions Request Tracker Debian Request-tracker4 Debian Request-tracker5

Timeline

PublishedMay 5

Latest updateAug 13

Description

Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5best_practical_solutions/request_tracker< 5.0.8

▶debiandebian/request-tracker4< request-tracker4 4.4.6+dfsg-1.1+deb12u2 (bookworm)

▶debiandebian/request-tracker5< request-tracker4 4.4.6+dfsg-1.1+deb12u2 (bookworm)

🔴Vulnerability Details

OSV

request-tracker5 vulnerabilities↗2025-08-13

▶

GHSA

GHSA-33cx-2vvq-mf52: Vulnerability in Best Practical Solutions, LLC's Request Tracker v5↗2025-05-05

▶

OSV

CVE-2025-2545: Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5↗2025-05-05

▶

📋Vendor Advisories

Ubuntu

Request Tracker vulnerabilities↗2025-08-13

▶

Debian

CVE-2025-2545: request-tracker4 - Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8...↗2025

▶