CVE-2025-14243
Received Received - Intake
Username Enumeration Vulnerability in OpenShift Mirror Registry Authentication

Publication date: 2026-04-08

Last updated on: 2026-04-21

Assigner: Red Hat, Inc.

Description
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-21
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14243
EUVD
EUVD-2025-209308
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
redhat mirror_registry_for_red_hat_openshift *
redhat mirror_registry_for_red_hat_openshift 2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-209 The product generates an error message that includes sensitive information about its environment, users, or associated data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can impact you by exposing valid usernames and email addresses to attackers without requiring authentication. Such information disclosure can facilitate further attacks like phishing, social engineering, or brute force attempts against known accounts.

Executive Summary

CVE-2025-14243 is a medium severity vulnerability in the OpenShift Mirror Registry that allows an unauthenticated remote attacker to enumerate valid usernames and email addresses. This is possible because the system returns different error messages during authentication failures and account creation, which can be analyzed to determine which usernames exist.

Detection Guidance

This vulnerability can be detected by attempting to authenticate with various usernames and observing the differences in error messages returned by the OpenShift Mirror Registry. An attacker can enumerate valid usernames by analyzing these error responses during login attempts.

Specific commands are not provided in the available resources, but a common approach would be to use automated scripts or tools to send authentication requests with different usernames and analyze the error messages for discrepancies that indicate valid accounts.

Mitigation Strategies

No specific mitigation steps or fixed versions are provided in the available resources. Immediate steps would generally include monitoring authentication logs for suspicious enumeration attempts and restricting access to the OpenShift Mirror Registry to trusted users or networks where possible.

Additionally, consider implementing generic error messages for authentication failures to avoid leaking information about valid usernames or email addresses.

Compliance Impact

The vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses by analyzing different error messages during authentication failures and account creation.

This kind of user enumeration can lead to unauthorized disclosure of personally identifiable information (PII), such as usernames and email addresses.

Such unauthorized disclosure may impact compliance with data protection regulations like GDPR and HIPAA, which require protection of personal data and prevention of unauthorized access or disclosure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14243. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart