CVE-2025-2545

EUVD-2025-13369
Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Debian logo
Debian Releases
Debian Product
Codename
request-tracker4
bookworm
4.4.6+dfsg-1.1+deb12u3
fixed
bookworm (security)
4.4.6+dfsg-1.1+deb12u3
fixed
bullseye
vulnerable
bullseye (security)
4.4.4+dfsg-2+deb11u5
fixed
sid
vulnerable
request-tracker5
bookworm
5.0.3+dfsg-3~deb12u4
fixed
bookworm (security)
5.0.3+dfsg-3~deb12u4
fixed
forky
5.0.7+dfsg-6
fixed
sid
5.0.9+dfsg-3
fixed
trixie
5.0.7+dfsg-4+deb13u1
fixed
trixie (security)
5.0.7+dfsg-4+deb13u1
fixed
Common Weakness Enumeration
References
https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical
https://docs.bestpractical.com/release-notes/rt/4.4.8
https://docs.bestpractical.com/release-notes/rt/5.0.8
https://lists.debian.org/debian-lts-announce/2025/05/msg00009.html