CVE-2025-65185

2.8 LOW

📋 TL;DR

This vulnerability in Entrinsik Informer v5.10.1 allows attackers to enumerate valid usernames by analyzing application responses during OTP and password reset processes. It affects organizations using vulnerable versions of Entrinsik Informer for business intelligence and reporting. The impact is limited to information disclosure rather than authentication bypass.

💻 Affected Systems

Products:
  • Entrinsik Informer
Versions: v5.10.1
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with local user authentication enabled. Cloud/SaaS deployments may be affected depending on configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could map all valid usernames in the system, facilitating targeted phishing, brute force attacks, or social engineering campaigns against specific individuals.

🟠 Likely Case

Attackers discover some valid usernames, potentially enabling more focused credential stuffing or password spraying attacks against those accounts.

🟢 If Mitigated

With proper monitoring and rate limiting, attackers might only discover a few usernames before detection, limiting the attack's effectiveness.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires no authentication and involves simple HTTP requests with different username/OTP combinations and analyzing response differences.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://entrinsik.com

Restart Required: No

Instructions:

1. Check Entrinsik website for security updates
2. Apply any available patches
3. Verify the fix by testing username enumeration
4. Monitor for any service disruptions

🔧 Temporary Workarounds

Implement Rate Limiting (applies to: all)

Limit login and reset attempts per IP address to prevent automated username enumeration.

Standardize Error Responses (applies to: all)

Configure the application to return identical responses (same status code, same message, same timing) for valid and invalid usernames during OTP and password reset.
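The "standardize error responses" workaround above and the verification step in "How to Verify" both come down to one property: a reset request for an existing account and one for a non-existent account must produce the same status, body and roughly the same work. The block below is an added illustration, not Informer's code or anything from the vendor: it contrasts a leaky reset handler with a uniform one and includes the comparison check a defender would run. The user store, reset-code cost function and response strings are all constructed for the example.

```python
import hashlib
import secrets

# Constructed user store for the example: username -> per-user secret (not real data)
USERS = {"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)}

# One message for every outcome, so the body never tells the caller whether the name exists
GENERIC_RESET_RESPONSE = (200, "If an account exists for that username, a reset code has been sent.")

def _issue_reset_code(user_secret):
    """Stand-in for generating and recording a reset code; deliberately non-trivial work."""
    hashlib.pbkdf2_hmac("sha256", secrets.token_bytes(16), user_secret, 20000)

def reset_leaky(username):
    """Vulnerable pattern: status and message differ depending on whether the username exists."""
    if username not in USERS:
        return 404, "Unknown user"
    _issue_reset_code(USERS[username])
    return 200, "Reset code sent"

def reset_uniform(username):
    """Hardened pattern: identical response either way, and the same amount of work on both paths."""
    if username in USERS:
        _issue_reset_code(USERS[username])
    else:
        # Burn equivalent work with a throwaway secret so timing does not reveal non-existence
        _issue_reset_code(secrets.token_bytes(32))
    return GENERIC_RESET_RESPONSE

def responses_match(handler, known_valid, known_invalid):
    """Verification check: the (status, body) pair must not depend on username validity."""
    return handler(known_valid) == handler(known_invalid)

if __name__ == "__main__":
    print("leaky handler uniform? ", responses_match(reset_leaky, "alice", "nosuchuser"))
    print("hardened handler uniform?", responses_match(reset_uniform, "alice", "nosuchuser"))
```

The equal-work branch only narrows the timing channel; it does not replace rate limiting, because a patient caller can still average many requests. Run `responses_match` against the real endpoint with a known-valid and a known-invalid account after patching, as the advisory's "Verify Fix Applied" step describes.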

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block username enumeration patterns
  • Enable detailed logging of all authentication attempts and monitor for suspicious patterns

🔍 How to Verify

Check if Vulnerable:

Test the OTP/password reset functionality with known valid and invalid usernames. If responses differ (timing, error messages, HTTP codes), the system is vulnerable.

Check Version:

Check Informer web interface or configuration files for version information

Verify Fix Applied:

Repeat the enumeration test. Responses should be identical regardless of username validity (same timing, same error messages, same HTTP status codes).

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed OTP/password reset attempts with different usernames from same source
  • Unusual pattern of authentication requests

Network Indicators:

  • HTTP POST requests to authentication endpoints with varying usernames
  • Abnormal request rates to login/OTP endpoints

SIEM Query:

source_ip=* AND (url_path="/login" OR url_path="/otp" OR url_path="/reset") AND status_code=400|401 AND count() > 10 per minute
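The SIEM query above is pseudo-syntax; the exact form depends on the platform. As an added example (not from the advisory or the vendor), the block below implements the same rule in plain Python over a constructed access-log sample: failed requests to the login, OTP and reset paths are grouped by source address, counted in a sliding 60-second window, and a source is flagged when it exceeds 10 failures, together with how many distinct usernames it tried. The log format, IP addresses and usernames are all made up for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, method, path, status, username
SAMPLE_LOG = """\
2025-01-15T10:00:01Z 203.0.113.5 POST /reset 400 user001
2025-01-15T10:00:03Z 203.0.113.5 POST /reset 400 user002
2025-01-15T10:00:05Z 203.0.113.5 POST /otp 401 user003
2025-01-15T10:00:07Z 203.0.113.5 POST /otp 401 user004
2025-01-15T10:00:09Z 203.0.113.5 POST /reset 400 user005
2025-01-15T10:00:11Z 203.0.113.5 POST /reset 400 user006
2025-01-15T10:00:13Z 203.0.113.5 POST /login 401 user007
2025-01-15T10:00:15Z 203.0.113.5 POST /reset 400 user008
2025-01-15T10:00:17Z 203.0.113.5 POST /reset 400 user009
2025-01-15T10:00:19Z 203.0.113.5 POST /otp 401 user010
2025-01-15T10:00:21Z 203.0.113.5 POST /reset 400 user011
2025-01-15T10:00:30Z 198.51.100.7 POST /login 401 jsmith
2025-01-15T10:00:45Z 198.51.100.7 POST /login 200 jsmith
2025-01-15T10:02:00Z 203.0.113.5 POST /reset 400 user012
"""

AUTH_PATHS = {"/login", "/otp", "/reset"}   # url_path values from the advisory's query
FAIL_CODES = {400, 401}                      # status_code=400|401
WINDOW = timedelta(seconds=60)               # "per minute"
THRESHOLD = 10                               # count() > 10

def parse_line(line):
    """Parse one constructed log line into a dict; the field layout is an assumption of this example."""
    ts, src, _method, path, status, user = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "src": src,
        "path": path,
        "status": int(status),
        "user": user,
    }

def find_enumeration(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {source_ip: (failures in busiest window, distinct usernames in that window)}
    for every source whose failure count in any `window` exceeds `threshold`."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["path"] in AUTH_PATHS and ev["status"] in FAIL_CODES:
            by_src[ev["src"]].append(ev)

    alerts = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        best = (0, 0)
        start = 0
        for end, ev in enumerate(events):
            # Slide the window start forward until it is within `window` of this event
            while ev["ts"] - events[start]["ts"] > window:
                start += 1
            in_window = events[start:end + 1]
            if len(in_window) > best[0]:
                best = (len(in_window), len({e["user"] for e in in_window}))
        if best[0] > threshold:
            alerts[src] = best
    return alerts

if __name__ == "__main__":
    for src, (count, distinct) in find_enumeration(SAMPLE_LOG).items():
        print(f"{src}: {count} auth failures in 60s across {distinct} distinct usernames")
```

The distinct-username count is what separates enumeration from a single user retrying a forgotten password: many failures against one account is a lockout or brute-force signal, while many failures each with a new username is the pattern this advisory's log indicators describe.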
