CVE-2025-6056
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-07-08
Assigner: Switzerland Government Common Vulnerability Program
Exploitability
| CWE ID | Description |
|---|---|
| CWE-203 | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6056 is a timing attack vulnerability in the password reset functionality of Airlock IAM by Ergon Informatik AG. When an unauthenticated attacker submits a username during the password reset process, the server responds with different timing delays depending on whether the username is valid or not. Although the server always returns a success response to prevent username enumeration, the response time is significantly longer (500-800 ms) for valid usernames compared to invalid ones (30-40 ms). This timing difference allows attackers to determine which usernames exist in the system. [1]
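The leak described above comes from a handler that does its expensive work (token generation, sending the reset mail) only when the username exists, so the response time, not the response body, reveals the lookup result. The following is an added illustration, not code from the advisory or from Airlock IAM, of that pattern beside a design whose synchronous work is the same for both outcomes. The user store, function names and millisecond costs are constructed assumptions; the vendor's actual fix is not described on this page, which lists only the fixed versions and CAPTCHA as mitigations.

```python
"""Added example (not from the advisory or from Airlock IAM): a toy
password-reset 'identify' step showing the timing-leak pattern behind
CVE-2025-6056 and one way to remove it. The user store, the cost numbers
and all function names are constructed for illustration."""
from collections import deque

# Constructed user store: username -> placeholder e-mail address.
USERS = {"alice": "alice@example.invalid", "bob": "bob@example.invalid"}

# Constructed cost model in milliseconds, used instead of a wall clock so
# the comparison below is deterministic.
COST_LOOKUP_MS = 5            # one user-store lookup
COST_TOKEN_AND_MAIL_MS = 600  # token generation plus sending the mail


def _generate_reset_token(username):
    # Placeholder for real token generation; the value is irrelevant here.
    return "token-for-" + username


def vulnerable_identify(username):
    """Leaky design: the expensive work runs only when the user exists.
    Returns the (always identical) response body and the simulated cost."""
    cost = COST_LOOKUP_MS
    if username in USERS:
        _generate_reset_token(username)
        cost += COST_TOKEN_AND_MAIL_MS  # only valid usernames pay this
    return {"status": "ok"}, cost


# Jobs handed to a background worker; the request path never waits on them.
MAIL_QUEUE = deque()


def hardened_identify(username):
    """Same response body, but the synchronous cost no longer depends on
    whether the user exists: the lookup always runs, the mail is only
    queued, and a job is queued for both outcomes (a no-op for unknown
    users) so both branches do the same cheap work on the request path."""
    cost = COST_LOOKUP_MS
    user_exists = username in USERS
    MAIL_QUEUE.append({"username": username, "send": user_exists})
    return {"status": "ok"}, cost


def drain_mail_queue():
    """Background worker stand-in: the expensive step happens here, off the
    request path. Returns the usernames that would actually receive mail."""
    sent = []
    while MAIL_QUEUE:
        job = MAIL_QUEUE.popleft()
        if job["send"]:
            _generate_reset_token(job["username"])
            sent.append(job["username"])
    return sent


def leaks_existence(handler):
    """True if the handler's request-path cost differs between a valid and
    an invalid username, i.e. the observable behaviour CWE-203 describes."""
    _, cost_valid = handler("alice")
    _, cost_invalid = handler("no-such-user")
    return cost_valid != cost_invalid


if __name__ == "__main__":
    print("vulnerable leaks:", leaks_existence(vulnerable_identify))  # True
    print("hardened leaks:  ", leaks_existence(hardened_identify))    # False
    print("mail sent to:    ", drain_mail_queue())                    # ['alice']
```

Moving the expensive step off the request path is one option; padding every response to a fixed floor that exceeds the slow path's duration is another, and a real deployment should also check that the lookup itself (for example a case-normalised index scan versus a miss) does not reintroduce a measurable gap.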
How can this vulnerability impact me?
This vulnerability allows unauthenticated attackers to enumerate valid usernames by measuring response times during password reset requests. Knowing valid usernames can facilitate further attacks such as password spraying or targeted phishing. Without protections like CAPTCHAs, attackers can automate these username guessing attacks, increasing the risk of unauthorized access or account compromise. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by measuring the response time of the password reset request to the endpoint /auth/rest/public/self-service/username/identify. By sending POST requests with different usernames in the JSON payload, you can observe timing differences: approximately 30-40 milliseconds for invalid usernames and 500-800 milliseconds for valid usernames. Commands using curl and time measurement tools or scripting languages (e.g., Python with requests and time modules) can be used to automate this detection. [1]
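From the defender's side, the request pattern an enumeration attempt produces is easier to spot than the timing itself: one client submitting many distinct usernames to the identify endpoint in a short window. The following detector is an added example, not part of the advisory or of any Airlock IAM tooling; it assumes an application log that records the source address and the submitted username per request (the line format, addresses and usernames below are constructed), since ordinary access logs do not carry POST bodies.

```python
"""Added example (not from the advisory): flag clients that hit the
password-reset identify endpoint with many distinct usernames in a short
window. The log format, addresses and usernames are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

IDENTIFY_PATH = "/auth/rest/public/self-service/username/identify"

# Constructed audit log: one line per identify request. 198.51.100.7 is a
# normal user retrying a reset; 203.0.113.5 walks through a username list.
SAMPLE_LOG = """\
2025-07-04T10:00:00Z src=198.51.100.7 path=/auth/rest/public/self-service/username/identify user=alice
2025-07-04T10:00:01Z src=203.0.113.5 path=/auth/rest/public/self-service/username/identify user=aaron
2025-07-04T10:00:02Z src=203.0.113.5 path=/auth/rest/public/self-service/username/identify user=abby
2025-07-04T10:00:03Z src=203.0.113.5 path=/auth/rest/public/self-service/username/identify user=adam
2025-07-04T10:00:04Z src=203.0.113.5 path=/auth/rest/public/self-service/username/identify user=adrian
2025-07-04T10:00:05Z src=203.0.113.5 path=/auth/rest/public/self-service/username/identify user=alan
2025-07-04T10:00:06Z src=203.0.113.5 path=/auth/rest/public/self-service/username/identify user=albert
2025-07-04T10:05:00Z src=198.51.100.7 path=/auth/rest/public/self-service/username/identify user=alice
2025-07-04T10:20:00Z src=203.0.113.5 path=/auth/rest/public/self-service/username/identify user=bob
"""


def parse_line(line):
    """Split 'TIMESTAMP key=value ...' into (datetime, {key: value})."""
    parts = line.split()
    ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    fields = dict(part.split("=", 1) for part in parts[1:])
    return ts, fields


def find_enumeration(log_text, window=timedelta(seconds=60), threshold=5):
    """Return {src: peak} for every source whose peak count of distinct
    usernames within any `window` against the identify endpoint reaches
    `threshold`. Distinct names, not raw request count, is the signal:
    a legitimate user retrying a reset repeats the same name."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, f = parse_line(line)
        if f.get("path") != IDENTIFY_PATH:
            continue
        events[f["src"]].append((ts, f.get("user", "")))

    alerts = {}
    for src, evs in events.items():
        evs.sort()
        peak = 0
        # Sliding window anchored at each request in turn.
        for i, (start, _) in enumerate(evs):
            names = {user for ts, user in evs[i:] if ts - start <= window}
            peak = max(peak, len(names))
        if peak >= threshold:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    for src, peak in find_enumeration(SAMPLE_LOG).items():
        print(f"possible username enumeration from {src}: "
              f"{peak} distinct usernames within 60 s")
```

The threshold and window are tuning knobs: lower them for an endpoint that normally sees a handful of requests a day, and raise them behind a shared NAT where many users share one source address. The same grouping can be keyed on a session or device identifier when the log records one.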
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Airlock IAM to one of the fixed versions: 7.7.11, 8.0.9, 8.1.8, 8.2.5, or 8.3.2. If upgrading is not immediately possible, implement anti-automation measures such as CAPTCHAs on the username input step during the password reset process to hinder automated exploitation. [1]