Common Weakness Enumeration

CWE-203

Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

CVE-2025-54477 (GCVE-0-2025-54477)

Vulnerability from cvelistv5 – Published: 2025-09-30 16:02 – Updated: 2025-10-01 04:34
VLAI
Title
Joomla! Core - [20250902] User-Enumeration in passkey authentication method
Summary
Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Joomla! Project Joomla! CMS Affected: 4.0.0-4.4.13
Affected: 5.0.0-5.3.3
Create a notification for this product.
Credits
Marco Schubert
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-54477",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-30T17:43:46.747977Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-30T17:43:49.599Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Joomla! CMS",
          "vendor": "Joomla! Project",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0-4.4.13"
            },
            {
              "status": "affected",
              "version": "5.0.0-5.3.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marco Schubert"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method."
            }
          ],
          "value": "Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-575",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-575 Account Footprinting"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203 Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-01T04:34:47.521Z",
        "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "shortName": "Joomla"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://developer.joomla.org/security-centre/1011-20250902-core-user-enumeration-in-passkey-authentication-method.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Joomla! Core - [20250902] User-Enumeration in passkey authentication method",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
    "assignerShortName": "Joomla",
    "cveId": "CVE-2025-54477",
    "datePublished": "2025-09-30T16:02:40.036Z",
    "dateReserved": "2025-07-23T11:16:48.711Z",
    "dateUpdated": "2025-10-01T04:34:47.521Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-54999 (GCVE-0-2025-54999)

Vulnerability from cvelistv5 – Published: 2025-08-09 02:00 – Updated: 2025-08-11 14:40
VLAI
Title
OpenBao: Timing Side-Channel in Userpass Auth Method
Summary
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, when using OpenBao's userpass auth method, user enumeration was possible due to timing difference between non-existent users and users with stored credentials. This is independent of whether the supplied credentials were valid for the given user. This issue was fixed in version 2.3.2. To work around this issue, users may use another auth method or apply rate limiting quotas to limit the number of requests in a period of time: https://openbao.org/api-docs/system/rate-limit-quotas/.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
openbao openbao Affected: >= 0.1.0, < 2.3.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54999",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-11T14:40:18.436808Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-11T14:40:29.456Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openbao",
          "vendor": "openbao",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.1.0, \u003c 2.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, when using OpenBao\u0027s userpass auth method, user enumeration was possible due to timing difference between non-existent users and users with stored credentials. This is independent of whether the supplied credentials were valid for the given user. This issue was fixed in version 2.3.2. To work around this issue, users may use another auth method or apply rate limiting quotas to limit the number of requests in a period of time: https://openbao.org/api-docs/system/rate-limit-quotas/."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203: Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-09T02:00:46.271Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/openbao/openbao/security/advisories/GHSA-hh28-h22f-8357",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openbao/openbao/security/advisories/GHSA-hh28-h22f-8357"
        },
        {
          "name": "https://github.com/openbao/openbao/commit/4d9b5d3d6486ab9fbd5b644173fa0097015d6626",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openbao/openbao/commit/4d9b5d3d6486ab9fbd5b644173fa0097015d6626"
        },
        {
          "name": "https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034"
        },
        {
          "name": "https://discuss.hashicorp.com/t/hcsec-2025-21-vault-user-enumeration-in-userpass-auth-method/76095",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://discuss.hashicorp.com/t/hcsec-2025-21-vault-user-enumeration-in-userpass-auth-method/76095"
        }
      ],
      "source": {
        "advisory": "GHSA-hh28-h22f-8357",
        "discovery": "UNKNOWN"
      },
      "title": "OpenBao: Timing Side-Channel in Userpass Auth Method"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54999",
    "datePublished": "2025-08-09T02:00:46.271Z",
    "dateReserved": "2025-08-04T17:34:24.421Z",
    "dateUpdated": "2025-08-11T14:40:29.456Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-57770 (GCVE-0-2025-57770)

Vulnerability from cvelistv5 – Published: 2025-08-22 16:50 – Updated: 2025-08-22 20:05
VLAI
Title
ZITADEL user enumeration vulnerability in login UI
Summary
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login interface. The login UI includes a security feature, Ignoring unknown usernames, that is intended to prevent username enumeration by returning a generic response for both valid and invalid usernames. This vulnerability allows an unauthenticated attacker to bypass this protection by submitting arbitrary userIDs to the select account page and distinguishing between valid and invalid accounts based on the system's response. For effective exploitation, an attacker needs to iterate through possible userIDs, but the impact can be limited by implementing rate limiting or similar measures. The issue has been patched in versions 4.0.3, 3.4.0, and 2.71.15.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
zitadel zitadel Affected: < 2.71.15
Affected: >= 3.0.0, < 3.4.0
Affected: >= 4.0.0, < 4.0.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57770",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-22T20:04:52.320114Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-22T20:05:08.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "zitadel",
          "vendor": "zitadel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.71.15"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login interface. The login UI includes a security feature, Ignoring unknown usernames, that is intended to prevent username enumeration by returning a generic response for both valid and invalid usernames. This vulnerability allows an unauthenticated attacker to bypass this protection by submitting arbitrary userIDs to the select account page and distinguishing between valid and invalid accounts based on the system\u0027s response. For effective exploitation, an attacker needs to iterate through possible userIDs, but the impact can be limited by implementing rate limiting or similar measures. The issue has been patched in versions 4.0.3, 3.4.0, and 2.71.15."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203: Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-22T16:50:35.002Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-g9c3-xh6v-fr86",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-g9c3-xh6v-fr86"
        },
        {
          "name": "https://github.com/zitadel/zitadel/commit/7abe759c95cb360524d88b51744d03cbb6e4dcdb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zitadel/zitadel/commit/7abe759c95cb360524d88b51744d03cbb6e4dcdb"
        },
        {
          "name": "https://github.com/zitadel/zitadel/releases/tag/v2.71.15",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zitadel/zitadel/releases/tag/v2.71.15"
        },
        {
          "name": "https://github.com/zitadel/zitadel/releases/tag/v3.4.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zitadel/zitadel/releases/tag/v3.4.0"
        },
        {
          "name": "https://github.com/zitadel/zitadel/releases/tag/v4.0.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zitadel/zitadel/releases/tag/v4.0.3"
        },
        {
          "name": "https://zitadel.com/docs/self-hosting/manage/production#limits-and-quotas",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://zitadel.com/docs/self-hosting/manage/production#limits-and-quotas"
        }
      ],
      "source": {
        "advisory": "GHSA-g9c3-xh6v-fr86",
        "discovery": "UNKNOWN"
      },
      "title": "ZITADEL user enumeration vulnerability in login UI"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-57770",
    "datePublished": "2025-08-22T16:50:35.002Z",
    "dateReserved": "2025-08-19T15:16:22.917Z",
    "dateUpdated": "2025-08-22T20:05:08.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6011 (GCVE-0-2025-6011)

Vulnerability from cvelistv5 – Published: 2025-08-01 18:00 – Updated: 2025-08-01 19:06
VLAI
Title
Timing Side-Channel in Vault’s Userpass Auth Method
Summary
A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
HashiCorp Vault Affected: 0 , < 1.20.1 (semver)
Create a notification for this product.
HashiCorp Vault Enterprise Affected: 0 , < 1.20.1 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6011",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-01T19:06:39.856193Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-01T19:06:58.251Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault",
          "repo": "https://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Vault Enterprise",
          "repo": "https://github.com/hashicorp/vault",
          "vendor": "HashiCorp",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.19.7",
                  "status": "unaffected"
                },
                {
                  "at": "1.18.12",
                  "status": "unaffected"
                },
                {
                  "at": "1.16.23",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA timing side channel in Vault and Vault Enterprise\u2019s (\u201cVault\u201d) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault\u2019s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.\u003c/p\u003e\u003cbr/\u003e"
            }
          ],
          "value": "A timing side channel in Vault and Vault Enterprise\u2019s (\u201cVault\u201d) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault\u2019s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-118",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-118: Collect and Analyze Information"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203: Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-01T18:00:24.528Z",
        "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "shortName": "HashiCorp"
      },
      "references": [
        {
          "url": "https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034"
        }
      ],
      "source": {
        "advisory": "HCSEC-2025-15",
        "discovery": "EXTERNAL"
      },
      "title": "Timing Side-Channel in Vault\u2019s Userpass Auth Method"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
    "assignerShortName": "HashiCorp",
    "cveId": "CVE-2025-6011",
    "datePublished": "2025-08-01T18:00:24.528Z",
    "dateReserved": "2025-06-11T18:57:02.577Z",
    "dateUpdated": "2025-08-01T19:06:58.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6056 (GCVE-0-2025-6056)

Vulnerability from cvelistv5 – Published: 2025-07-04 11:21 – Updated: 2025-07-07 16:23
VLAI
Summary
Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Ergon Informatik AG Airlock IAM Affected: 7.7.9 , ≤ 7.7.10 (custom)
Affected: 8.0.8 (custom)
Affected: 8.1.7 (custom)
Affected: 8.2.4 (custom)
Affected: 8.3.1 (custom)
Unaffected: 8.4.1 (custom)
Create a notification for this product.
Credits
Patrick Schlüter - Redguard AG
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6056",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-07T16:23:46.644226Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-07T16:23:53.982Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.airlock.com/en/secure-access-hub/components/iam",
          "defaultStatus": "unaffected",
          "modules": [
            "Password Reset Flow"
          ],
          "product": "Airlock IAM",
          "vendor": "Ergon Informatik AG",
          "versions": [
            {
              "lessThanOrEqual": "7.7.10",
              "status": "affected",
              "version": "7.7.9",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.8",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.1.7",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.2.4",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.3.1",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "8.4.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A password reset flow needs to be configured."
            }
          ],
          "value": "A password reset flow needs to be configured."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Patrick Schl\u00fcter - Redguard AG"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Timing difference in password reset in Ergon Informatik AG\u0027s Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Timing difference in password reset in Ergon Informatik AG\u0027s Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-2",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-2 Inducing Account Lockout"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203 Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-04T11:21:42.979Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.redguard.ch/blog/2025/07/04/cve-2025-6056-airlock-iam-username-enumeration/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to a fixed version such as\u0026nbsp;7.7.11,\u0026nbsp;8.0.9,\u0026nbsp;8.1.8,\u0026nbsp;8.2.5,\u0026nbsp;8.3.2."
            }
          ],
          "value": "Update to a fixed version such as\u00a07.7.11,\u00a08.0.9,\u00a08.1.8,\u00a08.2.5,\u00a08.3.2."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2025-6056",
    "datePublished": "2025-07-04T11:21:42.979Z",
    "dateReserved": "2025-06-13T12:44:22.762Z",
    "dateUpdated": "2025-07-07T16:23:53.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6386 (GCVE-0-2025-6386)

Vulnerability from cvelistv5 – Published: 2025-07-07 09:55 – Updated: 2025-07-07 14:22
VLAI
Title
Timing Attack Vulnerability in parisneo/lollms
Summary
The parisneo/lollms repository is affected by a timing attack vulnerability in the `authenticate_user` function within the `lollms_authentication.py` file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The affected version is the latest, and the issue is resolved in version 20.1. The vulnerability arises from the use of Python's default string equality operator for password comparison, which compares characters sequentially and exits on the first mismatch, leading to variable response times based on the number of matching initial characters.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
parisneo parisneo/lollms Affected: unspecified , < 20.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6386",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-07T14:22:38.602165Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-07T14:22:50.915Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "parisneo/lollms",
          "vendor": "parisneo",
          "versions": [
            {
              "lessThan": "20.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The parisneo/lollms repository is affected by a timing attack vulnerability in the `authenticate_user` function within the `lollms_authentication.py` file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The affected version is the latest, and the issue is resolved in version 20.1. The vulnerability arises from the use of Python\u0027s default string equality operator for password comparison, which compares characters sequentially and exits on the first mismatch, leading to variable response times based on the number of matching initial characters."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203 Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-07T09:55:20.059Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/6da05485-d219-4f18-9ffc-991053524b67"
        },
        {
          "url": "https://github.com/parisneo/lollms/commit/f78437f7b5aa39a78c6201912faf4e0645a38c48"
        }
      ],
      "source": {
        "advisory": "6da05485-d219-4f18-9ffc-991053524b67",
        "discovery": "EXTERNAL"
      },
      "title": "Timing Attack Vulnerability in parisneo/lollms"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2025-6386",
    "datePublished": "2025-07-07T09:55:20.059Z",
    "dateReserved": "2025-06-19T21:10:11.647Z",
    "dateUpdated": "2025-07-07T14:22:50.915Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-64749 (GCVE-0-2025-64749)

Vulnerability from cvelistv5 – Published: 2025-11-13 21:34 – Updated: 2025-11-14 17:15
VLAI
Title
Directus Vulnerable to Information Leakage in Existing Collections
Summary
Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The `/items/{collection}` API returns different error messages for two cases: when a user tries to access an existing collection which they are not authorized to access, and when user tries to access a non-existing collection. The two differing error messages leak the existence of collections to users which are not authorized to access these collections. Version 11.13.0 fixes the issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-203 - Observable Discrepancy
  • CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
directus directus Affected: < 11.13.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64749",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-14T17:14:48.614823Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-14T17:15:38.905Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "directus",
          "vendor": "directus",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 11.13.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The `/items/{collection}` API returns different error messages for two cases: when a user tries to access an existing collection which they are not authorized to access, and when user tries to access a non-existing collection. The two differing error messages leak the existence of collections to users which are not authorized to access these collections. Version 11.13.0 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203: Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209: Generation of Error Message Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-13T21:34:54.603Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/directus/directus/security/advisories/GHSA-cph6-524f-3hgr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/directus/directus/security/advisories/GHSA-cph6-524f-3hgr"
        },
        {
          "name": "https://github.com/directus/directus/commit/f99c9b89071f9d136cc9b0d0c182f2d24542bc31",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/directus/directus/commit/f99c9b89071f9d136cc9b0d0c182f2d24542bc31"
        }
      ],
      "source": {
        "advisory": "GHSA-cph6-524f-3hgr",
        "discovery": "UNKNOWN"
      },
      "title": "Directus Vulnerable to Information Leakage in Existing Collections"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-64749",
    "datePublished": "2025-11-13T21:34:54.603Z",
    "dateReserved": "2025-11-10T22:29:34.873Z",
    "dateUpdated": "2025-11-14T17:15:38.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-8774 (GCVE-0-2025-8774)

Vulnerability from cvelistv5 – Published: 2025-08-09 20:32 – Updated: 2025-08-12 16:04
VLAI
Title
riscv-boom SonicBOOM L1 Data Cache timing discrepancy
Summary
A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The manipulation leads to observable timing discrepancy. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-208 - Observable Timing Discrepancy
  • CWE-203 - Information Exposure Through Discrepancy
Assigner
References
Impacted products
Vendor Product Version
riscv-boom SonicBOOM Affected: 2.2.0
Affected: 2.2.1
Affected: 2.2.2
Affected: 2.2.3
Create a notification for this product.
Credits
lcyf-fizz (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8774",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-12T15:47:22.449560Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-12T16:04:18.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/fizz-is-on-the-way/vuls_cpu/tree/master/MSHRush"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "L1 Data Cache Handler"
          ],
          "product": "SonicBOOM",
          "vendor": "riscv-boom",
          "versions": [
            {
              "status": "affected",
              "version": "2.2.0"
            },
            {
              "status": "affected",
              "version": "2.2.1"
            },
            {
              "status": "affected",
              "version": "2.2.2"
            },
            {
              "status": "affected",
              "version": "2.2.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "lcyf-fizz (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The manipulation leads to observable timing discrepancy. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In riscv-boom SonicBOOM bis 2.2.3 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Komponente L1 Data Cache Handler. Dank der Manipulation mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1,
            "vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-208",
              "description": "Observable Timing Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "Information Exposure Through Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-09T20:32:05.812Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-319297 | riscv-boom SonicBOOM L1 Data Cache timing discrepancy",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.319297"
        },
        {
          "name": "VDB-319297 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.319297"
        },
        {
          "name": "Submit #625550 | SonicBOOM riscv-boom V2.2.3-210-gd77c2c3f implemented in Chipyard (V1.3.0) Improper Protection of Physical Side Channels",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.625550"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/fizz-is-on-the-way/vuls_cpu/tree/master/MSHRush"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-08T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-08T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-08T22:29:13.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "riscv-boom SonicBOOM L1 Data Cache timing discrepancy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8774",
    "datePublished": "2025-08-09T20:32:05.812Z",
    "dateReserved": "2025-08-08T20:24:10.093Z",
    "dateUpdated": "2025-08-12T16:04:18.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9031 (GCVE-0-2025-9031)

Vulnerability from cvelistv5 – Published: 2025-09-24 08:25 – Updated: 2026-06-05 11:15
VLAI
Title
Timing-Based Username Enumeration in DivvyDrive Information Technologies' DivvyDrive Web
Summary
Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing. This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-208 - Observable Timing Discrepancy
  • CWE-203 - Observable Discrepancy
Assigner
References
Impacted products
Vendor Product Version
DivvyDrive Information Technologies Inc. DivvyDrive Web Affected: 4.8.2.2 , < 4.8.2.15 (custom)
Create a notification for this product.
Date Public
2025-09-24 08:23
Credits
Emre AKTAŞ
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9031",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-24T14:03:58.151545Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-24T14:04:08.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DivvyDrive Web",
          "vendor": "DivvyDrive Information Technologies Inc.",
          "versions": [
            {
              "lessThan": "4.8.2.15",
              "status": "affected",
              "version": "4.8.2.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Emre AKTA\u015e"
        }
      ],
      "datePublic": "2025-09-24T08:23:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing.\u003cp\u003eThis issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15.\u003c/p\u003e"
            }
          ],
          "value": "Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing.\n\nThis issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-462",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-462 Cross-Domain Search Timing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-208",
              "description": "CWE-208 Observable Timing Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203 Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T11:15:33.118Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource",
            "broken-link"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-25-0293"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0293"
        }
      ],
      "source": {
        "advisory": "TR-25-0293",
        "defect": [
          "TR-25-0293"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Timing-Based Username Enumeration in DivvyDrive Information Technologies\u0027 DivvyDrive Web",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2025-9031",
    "datePublished": "2025-09-24T08:25:49.377Z",
    "dateReserved": "2025-08-14T10:53:12.468Z",
    "dateUpdated": "2026-06-05T11:15:33.118Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-9109 (GCVE-0-2025-9109)

Vulnerability from cvelistv5 – Published: 2025-08-18 06:02 – Updated: 2025-08-18 15:34
VLAI
Title
Portabilis i-Diario Password Recovery Endpoint email observable response discrepancy
Summary
A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-204 - Observable Response Discrepancy
  • CWE-203 - Information Exposure Through Discrepancy
Assigner
References
URL Tags
https://vuldb.com/?id.320431 vdb-entry
https://vuldb.com/?ctiid.320431 signaturepermissions-required
https://vuldb.com/?submit.627926 third-party-advisory
Impacted products
Vendor Product Version
Portabilis i-Diario Affected: 1.0
Affected: 1.1
Affected: 1.2
Affected: 1.3
Affected: 1.4
Affected: 1.5.0
Create a notification for this product.
Credits
princival (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9109",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-18T15:32:49.301859Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-18T15:34:02.189Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Password Recovery Endpoint"
          ],
          "product": "i-Diario",
          "vendor": "Portabilis",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "1.2"
            },
            {
              "status": "affected",
              "version": "1.3"
            },
            {
              "status": "affected",
              "version": "1.4"
            },
            {
              "status": "affected",
              "version": "1.5.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "princival (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited."
        },
        {
          "lang": "de",
          "value": "In Portabilis i-Diario bis 1.5.0 ist eine Schwachstelle entdeckt worden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /password/email der Komponente Password Recovery Endpoint. Die Bearbeitung verursacht observable response discrepancy. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-204",
              "description": "Observable Response Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "Information Exposure Through Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-18T06:02:06.571Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-320431 | Portabilis i-Diario Password Recovery Endpoint email observable response discrepancy",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.320431"
        },
        {
          "name": "VDB-320431 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.320431"
        },
        {
          "name": "Submit #627926 | i-diario i-diario Password Reset Functionality 2.9 i-diario Password Reset Functionality",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.627926"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-17T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-17T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-17T22:43:21.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Portabilis i-Diario Password Recovery Endpoint email observable response discrepancy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9109",
    "datePublished": "2025-08-18T06:02:06.571Z",
    "dateReserved": "2025-08-17T20:38:06.556Z",
    "dateUpdated": "2025-08-18T15:34:02.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation ID: MIT-46

Phase: Architecture and Design

Strategy: Separation of Privilege

Description:

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation ID: MIT-39

Phase: Implementation

Description:

  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering

An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.

Back to CWE stats page