CVE-2025-6056
MEDIUMErgon Informatik AG's Airlock IAM <8.3.1 - Info Disclosure
Title source: llmDescription
Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.
Scores
CVSS v4
6.9
EPSS
0.0051
EPSS Percentile
66.7%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-203
Status
published
Products (6)
Ergon Informatik AG/Airlock IAM
7.7.9 - 7.7.10
Ergon Informatik AG/Airlock IAM
8.0.8
Ergon Informatik AG/Airlock IAM
8.1.7
Ergon Informatik AG/Airlock IAM
8.2.4
Ergon Informatik AG/Airlock IAM
8.3.1
Ergon Informatik AG/Airlock IAM
8.4.1
Published
Jul 04, 2025
Tracked Since
Feb 18, 2026