Fluid Attacks Database

Description

Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	request-tracker4	=4.4.6+dfsg-1.1 \|\| =4.4.6+dfsg-1.1+deb12u1 \|\| >=0 <4.4.6+dfsg-1.1+deb12u2	4.4.6+dfsg-1.1+deb12u2
debian 11	request-tracker4	=4.4.4+dfsg-2 \|\| =4.4.4+dfsg-2+deb11u1 \|\| =4.4.4+dfsg-2+deb11u2 \|\| =4.4.4+dfsg-2+deb11u3 \|\| >=0 <4.4.4+dfsg-2+deb11u4	4.4.4+dfsg-2+deb11u4
debian 12	request-tracker5	=5.0.3+dfsg-2 \|\| =5.0.3+dfsg-3~deb12u1 \|\| =5.0.3+dfsg-3~deb12u2 \|\| >=0 <5.0.3+dfsg-3~deb12u3	5.0.3+dfsg-3~deb12u3
debian 13	request-tracker5	>=0 <5.0.7+dfsg-3	5.0.7+dfsg-3
debian 14	request-tracker5	>=0 <5.0.7+dfsg-3	5.0.7+dfsg-3

Aliases

1. CVE-2025-25452. NVD-2025-25453. OSV-DEBIAN-2025-25454. OSV-2025-25455. SECURITY-TRACKER-CVE-2025-2545

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.