CVE-2025-2545: Cryptographic algorithm not recommended in Request Tracker by Best Practical Solutions

2.3 CVSS

Description

Vulnerability in Best Practical Solutions, LLC's Request Tracker v5.0.7, where the Triple DES (3DES) cryptographic algorithm is used within SMIME code to encrypt S/MIME emails. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.

Classification

CVE ID: CVE-2025-2545

CVSS Base Severity: LOW

CVSS Base Score: 2.3

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem Types

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Affected Products

Vendor: Best Practical Solutions

Product: Request Tracker

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.19% (scored less or equal to compared to others)

EPSS Date: 2025-06-03 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2545
https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-algorithm-not-recommended-request-tracker-best-practical

Timeline

2025-05-05 10:45:27 UTC
Incibe CERT

Algoritmo criptográfico no recomendado en Request Tracker de Best Practical Solutions
2025-05-05 12:40:22 UTC
CVE

Cryptographic algorithm not recommended in Request Tracker by Best Practical Solutions