CVE-2025-65185

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses.

low 2.8 CVSS 3.1

Published: Dec 17, 2025

Modified: Jan 5, 2026

Product: Informer

Versions: 5.10.1

Description

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses.

References

https://entrinsik.com
https://www.triaxiomsecurity.com/entrinsik-informer-username-enumeration-cve-2025-65185/

CVSS Breakdown

Version	3.1
Score	2.8 / 10
Severity	low

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Weakness (CWE)

CWE-203

Affected Product

Vendor	Entrinsik
Product	Informer
Versions	5.10.1