CVE-2025-2545

Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
INCIBECNA
---
---
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Debian logo
Debian Releases
Debian Product
Codename
request-tracker4
bullseye
vulnerable
bullseye (security)
4.4.4+dfsg-2+deb11u4
fixed
bookworm
4.4.6+dfsg-1.1+deb12u2
fixed
bookworm (security)
4.4.6+dfsg-1.1+deb12u2
fixed
sid
vulnerable
request-tracker5
bookworm
5.0.3+dfsg-3~deb12u3
fixed
bookworm (security)
5.0.3+dfsg-3~deb12u3
fixed
sid
5.0.7+dfsg-4
fixed
trixie
5.0.7+dfsg-4
fixed
Common Weakness Enumeration
References
https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical
https://docs.bestpractical.com/release-notes/rt/4.4.8
https://docs.bestpractical.com/release-notes/rt/5.0.8