CVE-2025-2545

Deprecated 3DES cryptographic algorithm used by Request Tracker in emails encrypted with S/MIME

CVSS 2.3 LOWEPSS 0.2%CWE-327

Vexday Risk Score

8Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 2.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

05 may 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

Best Practical Solutions · Request Tracker

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://docs.bestpractical.com/release-notes/rt/4.4.8 https://docs.bestpractical.com/release-notes/rt/5.0.8 https://lists.debian.org/debian-lts-announce/2025/05/msg00009.html https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical