CVE-2025-3576
published 2025-04-15CVE-2025-3576: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum…
PriorityP433medium5.9CVSS 3.1
AVNACHPRNUINSUCNIHAN
EPSS
0.28%
19.3th percentile
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.20.1-2+deb12u4 (bookworm) | krb5 1.20.1-2+deb12u4 (bookworm) |
| mit | krb5 | >= 0 < 1.18.3-6+deb11u7 | 1.18.3-6+deb11u7 |
| mit | krb5 | >= 0 < 1.20.1-2+deb12u4 | 1.20.1-2+deb12u4 |
| mit | krb5 | >= 0 < 1.21.2-1 | 1.21.2-1 |
| mit | krb5 | >= 0 < 1.21.2-1 | 1.21.2-1 |
| msrc | azl3_krb5_1.21.3-2_on_azure_linux_3.0 | — | — |
| msrc | cbl2_krb5_1.19.4-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_krb5_1.19.4-4_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
osv5.9MEDIUM
vendor_debian5.9MEDIUM
vendor_msrc5.9MEDIUM
vendor_oracle5.9MEDIUM
vendor_redhat5.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Oracle
Oracle Oracle Communications Risk Matrix: Core (Kerberos) — CVE-2025-3576
vendor_oracle·2025-10-15·CVSS 5.9
CVE-2025-3576 [MEDIUM] Oracle Oracle Communications Risk Matrix: Core (Kerberos) — CVE-2025-3576
Oracle Oracle Communications Risk Matrix: Core (Kerberos) vulnerability
CVE: CVE-2025-3576
CVSS: 5.9
Protocol: SSH
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2025 (OCT 2025)
Ubuntu
Kerberos vulnerability
vendor_ubuntu·2025-05-28
CVE-2025-3576 Kerberos vulnerability
Title: Kerberos vulnerability
Summary: Kerberos could be made to expose sensitive information over the network.
It was discovered that Kerberos allowed the usage of weak cryptographic
standards. An attacker could possibly use this issue to expose sensitive
information.
This update introduces the allow_rc4 and allow_des3 configuration options,
and disables the usage of RC4 and 3DES ciphers by default. Users are
advised to discontinue their usage and upgrade to stronger encryption
protocols. If the use of the insecure RC4 and 3DES algorithms is necessary,
they can be enabled with the aforementioned configuration options.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions
vendor_redhat·2025-04-15·CVSS 5.9
CVE-2025-3576 [MEDIUM] CWE-328 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions
krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
Statement: This issue i
Microsoft
Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions
vendor_msrc·2025-04-08·CVSS 5.9
CVE-2025-3576 [MEDIUM] CWE-328 Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions
Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
redhat: redhat
Customer Action Required: Yes
Remediation: CBL-
Debian
CVE-2025-3576: krb5 - A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messa...
vendor_debian·2025·CVSS 5.9
CVE-2025-3576 [MEDIUM] CVE-2025-3576: krb5 - A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messa...
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
Scope: local
bookworm: resolved (fixed in 1.20.1-2+deb12u4)
bullseye: resolved (fixed in 1.18.3-6+deb11u7)
forky: resolved (fixed in 1.21.2-1)
sid: resolved (fixed in 1.21.2-1)
trixie: resolved (fixed in 1.21.2-1)
GHSA
GHSA-rfh5-gx7w-h7v7: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 chec
ghsa_unreviewed·2025-04-15
CVE-2025-3576 [MEDIUM] CWE-328 GHSA-rfh5-gx7w-h7v7: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 chec
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
OSV
CVE-2025-3576: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 chec
osv·2025-04-15·CVSS 5.9
CVE-2025-3576 [MEDIUM] CVE-2025-3576: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 chec
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
No detection rules found.
No public exploits indexed.
https://access.redhat.com/errata/RHSA-2025:11487https://access.redhat.com/errata/RHSA-2025:13664https://access.redhat.com/errata/RHSA-2025:13777https://access.redhat.com/errata/RHSA-2025:15000https://access.redhat.com/errata/RHSA-2025:15001https://access.redhat.com/errata/RHSA-2025:15002https://access.redhat.com/errata/RHSA-2025:15003https://access.redhat.com/errata/RHSA-2025:15004https://access.redhat.com/errata/RHSA-2025:8411https://access.redhat.com/errata/RHSA-2025:9418https://access.redhat.com/errata/RHSA-2025:9430https://access.redhat.com/security/cve/CVE-2025-3576https://bugzilla.redhat.com/show_bug.cgi?id=2359465https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.htmlhttps://lists.debian.org/debian-lts-announce/2025/05/msg00047.htmlhttps://cert-portal.siemens.com/productcert/html/ssa-577017.html
2025-04-15
Published