CVE-2025-65185

EUVD-2025-203899
There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.8 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CISA-ADPADP
2.8 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
entrinsikinformer
5.10.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://entrinsik.com
https://www.triaxiomsecurity.com/entrinsik-informer-username-enumeration-cve-2025-65185/