VDB
CVE-2025-2545
CVE-2025-2545
PUBLISHED
CVSS 2.299999952316284 LOW
Vulnerability in Best Practical Solutions, LLC's Request Tracker v5.0.7, where the Triple DES (3DES) cryptographic algorithm is used within SMIME code to encrypt S/MIME emails. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.
EPSS 0.15% · 35.2th percentile
Risk Scores
CVSS 4.0
2.299999952316284
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.15%
35.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Best Practical Solutions | Request Tracker | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-2545 (circl-sighting)
- https://docs.bestpractical.com/release-notes/rt/4.4.8 (circl)
- https://docs.bestpractical.com/release-notes/rt/5.0.8 (circl)
- https://lists.debian.org/debian-lts-announce/2025/05/msg00009.html (circl)
- https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical (circl)
Timeline
- May 5, 2025 EPSS Score
- May 5, 2025 CVE Published
- May 5, 2025 PoC Published
- May 17, 2025 EPSS Score
- May 28, 2025 EPSS Score
- Jun 9, 2025 EPSS Score
- Jun 21, 2025 EPSS Score
- Jul 3, 2025 EPSS Score
- Jul 14, 2025 EPSS Score
- Jul 26, 2025 EPSS Score
- Aug 7, 2025 EPSS Score
- Aug 19, 2025 EPSS Score
References
- https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical url
- https://docs.bestpractical.com/release-notes/rt/4.4.8 url
- https://docs.bestpractical.com/release-notes/rt/5.0.8 url
- https://lists.debian.org/debian-lts-announce/2025/05/msg00009.html url
- https://nvd.nist.gov/vuln/detail/CVE-2025-2545 advisory