Vulnerability DatabaseCVE-2025-61873

CVE-2025-61873:
Linux Debian vulnerability analysis and mitigation

Overview

A critical security vulnerability identified as CVE-2025-61873 affects Best Practical Request Tracker (RT) versions 4.4 through 4.4.7 and 5.0 through 5.0.7. The vulnerability was disclosed on October 24, 2025, and impacts multiple versions of the request-tracker4 and request-tracker5 packages across various distributions (Debian Security, Ubuntu Security).

Technical details

The vulnerability has received a CVSS score of 10.0 (Critical) with a vector string of (AV:N/AC:L/Au:N/C:C/I:C/A:C), indicating a severe security issue with network accessibility, low attack complexity, and no authentication required (Rapid7).

Impact

Based on the CVSS metrics, the vulnerability allows for complete compromise of system confidentiality, integrity, and availability. The critical severity rating suggests potential for significant impact on affected systems (Rapid7).

Mitigation and workarounds

Fixed versions have been released for affected distributions. For Debian, request-tracker4 has been fixed in version 4.4.4+dfsg-2+deb11u5 for bullseye and 4.4.6+dfsg-1.1+deb12u3 for bookworm. Request-tracker5 has been fixed in version 5.0.3+dfsg-3~deb12u4 for bookworm and 5.0.7+dfsg-4+deb13u1 for trixie. The fixes are available through the respective security repositories (Debian Security).

Additional resources

Source: This report was generated using AI

Related Linux Debian vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-23745	HIGH	8.2	JavaScript	argo-workflows-fips-3.6	No	Yes	Jan 16, 2026
CVE-2026-23535	HIGH	8	Python	wlc	No	Yes	Jan 16, 2026
CVE-2026-23490	HIGH	7.5	Python	pyasn1	No	Yes	Jan 16, 2026
CVE-2026-23643	MEDIUM	5.4	CakePHP	cakephp	No	Yes	Jan 16, 2026
CVE-2025-61873	LOW	2.6	Linux Debian	request-tracker4	No	Yes	Jan 16, 2026