CVE-2025-2545 LOW

CVE-2025-2545: Deprecated 3DES cryptographic algorithm used by Request Tracker in emails encrypted with S/MIME

Vendor Best Practical Solutions
Product Request Tracker
Weakness CWE-327 · Broken crypto
Published May 5, 2025
Last update November 3, 2025

CVSS base score

2.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.

Key dates

02Disclosure timeline

May 5, 2025 CVE published
November 3, 2025 Record updated