CVE-2025-3576

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-3576

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-3576.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-3576

Aliases

Downstream

DEBIAN-CVE-2025-3576

DLA-4195-1

ECHO-64ee-f30c-7bc0

OESA-2025-2124

OESA-2025-2125

OESA-2025-2126

RHSA-2025:13664

RHSA-2025:13777

RHSA-2025:15000

RHSA-2025:15001

RHSA-2025:15002

RHSA-2025:15003

RHSA-2025:15004

RHSA-2025:8411

RHSA-2025:9418

RHSA-2025:9430

RLSA-2025:8411

RLSA-2025:9418

RLSA-2025:9430

SUSE-SU-2025:03270-1

SUSE-SU-2025:3698-1

SUSE-SU-2025:3699-1

UBUNTU-CVE-2025-3576

USN-7542-1

Related

Withdrawn

2026-01-27T04:20:01.645599Z

Published

2025-04-15T06:15:44Z

Modified

2026-01-27T04:20:01.645599Z

Summary

[none]

Details

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

References

Affected packages