CVE-2025-65185

LOW

Entrinsik Informer - Information Disclosure

Title source: rule

Description

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses.

References (2)

[Product] https://entrinsik.com

[Exploit, Third Party Advisory] https://www.triaxiomsecurity.com/entrinsik-informer-username-enumeration-cve-2025-65185/

Scores

CVSS v3 2.8

EPSS 0.0002

EPSS Percentile 3.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Classification

CWE

CWE-203

Status published

Affected Products (1)

entrinsik/informer

Timeline

Published Dec 17, 2025

Tracked Since Feb 18, 2026