CVE-2025-3092
Awaiting Analysis
Awaiting Analysis - Queue
BaseFortify
Publication date: 2025-06-24
Last updated on: 2025-06-26
Assigner: CERT VDE
Description
Description
An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-204 | The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated remote attacker to enumerate valid user names from an unprotected endpoint. Essentially, an attacker can discover which user names exist in the system without needing to authenticate.
How can this vulnerability impact me? :
The vulnerability can impact you by exposing valid user names to attackers, which can be used as a first step in targeted attacks such as phishing, brute force, or credential stuffing. This exposure increases the risk of unauthorized access attempts.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70