CVE-2025-46747
📋 TL;DR
An authenticated user without user-management permissions can enumerate other user accounts in affected systems. This information disclosure vulnerability affects systems running vulnerable versions of SEL software to which authenticated users have access.
💻 Affected Systems
- SEL software products (specific products not detailed in reference)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could map all user accounts, enabling targeted credential attacks, social engineering, or privilege escalation by identifying high-value targets.
Likely Case
Malicious insiders or compromised accounts could gather intelligence about organizational structure and user accounts for further attacks.
If Mitigated
Limited to authenticated users only, preventing anonymous enumeration but still allowing insider threats.
🎯 Exploit Status
Exploitation requires authenticated access but no special permissions, and most likely involves enumeration through an API or user interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Latest software versions referenced at selinc.com/products/software/latest-software-versions/
Vendor Advisory: https://selinc.com/products/software/latest-software-versions/
Restart Required: Yes
Instructions:
1. Visit the SEL advisory URL.
2. Identify affected products.
3. Download the latest software versions.
4. Apply updates following vendor documentation.
5. Restart affected services/systems.
🔧 Temporary Workarounds
Restrict user enumeration endpoints
Configure access controls to prevent unauthorized users from accessing user enumeration APIs or interfaces
Implement rate limiting
Add rate limiting to user-related endpoints to slow down enumeration attempts
🧯 If You Can't Patch
- Implement strict network segmentation to limit access to vulnerable systems
- Enhance monitoring of user enumeration attempts and implement alerting
🔍 How to Verify
Check if Vulnerable:
Test with an authenticated user account (without user-management permissions) to see whether user enumeration is possible
Check Version:
Check software version through product interface or vendor documentation
Verify Fix Applied:
After patching, verify authenticated users without user-management permissions cannot enumerate other user accounts
📡 Detection & Monitoring
Log Indicators:
- Multiple user enumeration requests from single account
- Access to user listing APIs by non-admin users
Network Indicators:
- Patterns of repeated requests to user-related endpoints
SIEM Query:
source="sel_software" AND (event_type="user_enumeration" OR endpoint="*/users" OR endpoint="*/accounts") AND user_role!="admin"
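The SIEM query above expressed as standalone detection logic, as an added example that is not part of the original advisory: it flags non-admin access to user-listing endpoints in SEL software logs and reports accounts that repeat it. The field names follow the query; the log lines, the user names and the alert threshold are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample events (not real SEL logs); field names mirror the SIEM query.
SAMPLE_EVENTS = [
    '{"source":"sel_software","user":"alice","user_role":"admin","endpoint":"/api/users"}',
    '{"source":"sel_software","user":"bob","user_role":"operator","endpoint":"/api/users"}',
    '{"source":"sel_software","user":"bob","user_role":"operator","endpoint":"/api/accounts"}',
    '{"source":"sel_software","user":"bob","user_role":"operator","endpoint":"/api/users/"}',
    '{"source":"sel_software","user":"carol","user_role":"operator","endpoint":"/api/settings"}',
    '{"source":"other_app","user":"dave","user_role":"operator","endpoint":"/api/users"}',
]

# Endpoint suffixes from the query: */users and */accounts
USER_LISTING_SUFFIXES = ("/users", "/accounts")


def is_user_listing(endpoint):
    """True when the path ends in a user-listing suffix (trailing slash tolerated)."""
    return endpoint.rstrip("/").endswith(USER_LISTING_SUFFIXES)


def flag_events(lines):
    """Return sel_software events where a non-admin touched user enumeration."""
    hits = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("source") != "sel_software":
            continue                      # other sources are out of scope
        if ev.get("user_role") == "admin":
            continue                      # admins are expected to list users
        if ev.get("event_type") == "user_enumeration" or is_user_listing(ev.get("endpoint", "")):
            hits.append(ev)
    return hits


def repeat_offenders(hits, threshold=3):
    """Accounts with at least `threshold` flagged requests (the 'multiple requests' indicator)."""
    counts = defaultdict(int)
    for ev in hits:
        counts[ev["user"]] += 1
    return {user: n for user, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    flagged = flag_events(SAMPLE_EVENTS)
    for ev in flagged:
        print("non-admin user listing:", ev["user"], ev["endpoint"])
    print("repeat offenders:", repeat_offenders(flagged))
```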