CVE-2025-3576: 
Kerberos vulnerability analysis and mitigation

A vulnerability in the MIT Kerberos implementation (CVE-2025-3576) allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. The vulnerability was discovered and disclosed on April 15, 2025, affecting MIT Kerberos implementations that use RC4-HMAC-MD5 encryption (NVD, Debian Tracker).

The vulnerability exists in the implementation of RC4-HMAC-MD5 checksums for GSSAPI-protected messages. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.9 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating network accessibility with high attack complexity and potential for high impact on integrity (NVD).

The vulnerability can lead to unauthorized message tampering in GSSAPI-protected communications. When exploited, attackers can spoof messages by crafting altered content that maintains the same Message Integrity Code (MIC), potentially compromising the integrity of authenticated communications (Red Hat Bugzilla).

Since MIT Kerberos 1.21, the KDC will no longer issue tickets with RC4 or triple-DES session keys unless explicitly configured with the new allowrc4 or allowdes3 variables. Organizations should upgrade to the latest version and avoid using RC4-HMAC-MD5 encryption in favor of stronger alternatives (Debian Tracker).