CVE-2025-2545
Publication date 5 May 2025
Last updated 14 August 2025
Ubuntu priority
Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| request-tracker4 | 25.04 plucky |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| request-tracker5 | 25.04 plucky |
Fixed 5.0.7+dfsg-2ubuntu0.1
|
| 24.04 LTS noble |
Fixed 5.0.5+dfsg-2ubuntu0.1~esm1
|
|
| 22.04 LTS jammy |
Fixed 5.0.1+dfsg-1ubuntu1+esm1
|
|
| 20.04 LTS focal | Not in release |
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu Pro 30-day free trialPatch details
| Package | Patch details |
|---|---|
| request-tracker4 |
|
| request-tracker5 |
|
References
Related Ubuntu Security Notices (USN)
- USN-7692-1
- Request Tracker vulnerabilities
- 13 August 2025