CVE-2025-2545

Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.

CVSS

No CVSS.

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical
https://docs.bestpractical.com/release-notes/rt/4.4.8
https://docs.bestpractical.com/release-notes/rt/5.0.8

Configurations

No configuration.

History

29 May 2025, 11:15

Type	Values Removed	Values Added
Summary	(en) Vulnerability in Best Practical Solutions, LLC's Request Tracker v5.0.7, where the Triple DES (3DES) cryptographic algorithm is used within SMIME code to encrypt S/MIME emails. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.	(en) Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.

28 May 2025, 18:15

Type	Values Removed	Values Added
References		() https://docs.bestpractical.com/release-notes/rt/4.4.8 - () https://docs.bestpractical.com/release-notes/rt/5.0.8 -
Summary		(es) Vulnerabilidad en el Request Tracker v5.0.7 de Best Practical Solutions, LLC, donde se utiliza el algoritmo criptográfico Triple DES (3DES) dentro del código SMIME para cifrar correos electrónicos S/MIME. Triple DES se considera obsoleto e inseguro debido a su susceptibilidad a ataques de cumpleaños, que podrían comprometer la confidencialidad de los mensajes cifrados.

05 May 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-05 12:15

Updated : 2025-05-29 11:15

NVD link : CVE-2025-2545

Mitre link : CVE-2025-2545

CVE.ORG link : CVE-2025-2545

JSON object : View

Products Affected

No product.

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

{"id": "CVE-2025-2545", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-05T12:15:16.170", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical", "source": "cve-coordination@incibe.es"}, {"url": "https://docs.bestpractical.com/release-notes/rt/4.4.8", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.bestpractical.com/release-notes/rt/5.0.8", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages."}, {"lang": "es", "value": "Vulnerabilidad en el Request Tracker v5.0.7 de Best Practical Solutions, LLC, donde se utiliza el algoritmo criptogr\u00e1fico Triple DES (3DES) dentro del c\u00f3digo SMIME para cifrar correos electr\u00f3nicos S/MIME. Triple DES se considera obsoleto e inseguro debido a su susceptibilidad a ataques de cumplea\u00f1os, que podr\u00edan comprometer la confidencialidad de los mensajes cifrados."}], "lastModified": "2025-05-29T11:15:20.477", "sourceIdentifier": "cve-coordination@incibe.es"}