CVE-2025-6056
MEDIUMErgon Informatik AG's Airlock IAM <8.3.1 - Info Disclosure
Title source: llmDescription
Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.
References (1)
Core 1
Core References
Various Sources third-party-advisory
https://www.redguard.ch/blog/2025/07/04/cve-2025-6056-airlock-iam-username-enumeration/
Scores
CVSS v4
6.9
EPSS
0.0032
EPSS Percentile
23.2%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-203
Status
published
Products (6)
Ergon Informatik AG/Airlock IAM
7.7.9 - 7.7.10
Ergon Informatik AG/Airlock IAM
8.0.8
Ergon Informatik AG/Airlock IAM
8.1.7
Ergon Informatik AG/Airlock IAM
8.2.4
Ergon Informatik AG/Airlock IAM
8.3.1
Ergon Informatik AG/Airlock IAM
8.4.1
Published
Jul 04, 2025
Tracked Since
Feb 18, 2026