CVE-2025-65185

LOW

Entrinsik Informer - Information Disclosure

Title source: rule

Description

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses.

References (2)

[Product] https://entrinsik.com

[Exploit, Third Party Advisory] https://www.triaxiomsecurity.com/entrinsik-informer-username-enumeration-cve-2025-65185/

Scores

CVSS v3 2.8

EPSS 0.0002

EPSS Percentile 5.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-203

Status published

Products (1)

entrinsik/informer 5.10.1

Published Dec 17, 2025

Tracked Since Feb 18, 2026