CVE-2025-45994 is a high-severity vulnerability affecting Aranda PassRecovery version 1.0, a software component that integrates with Active Directory environments. The vulnerability allows an unauthenticated remote attacker to enumerate valid user accounts in Active Directory by sending a specially crafted POST request to the endpoint /user/existdirectory/1. This endpoint fails to properly restrict or sanitize requests, enabling attackers to confirm the existence of user accounts based on the system's response. The vulnerability is classified under CWE-200 (Information Exposure), indicating that sensitive information—in this case, valid usernames—is disclosed without authorization. The CVSS v3.1 base score is 7.5, reflecting a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N, A:N). Although no known exploits are currently reported in the wild and no patches have been published, the vulnerability presents a significant risk because user enumeration is often a precursor to more targeted attacks such as password guessing, phishing, or privilege escalation within Active Directory environments. The lack of authentication and user interaction requirements makes exploitation straightforward for remote attackers. The absence of affected version details beyond v1.0 suggests that this issue may be limited to initial releases or specific deployments of Aranda PassRecovery.

For European organizations, this vulnerability poses a considerable risk to the confidentiality of user identity information within corporate Active Directory infrastructures. Disclosure of valid usernames can facilitate subsequent attacks such as brute force password attempts, credential stuffing, or social engineering campaigns targeting employees. Given that Active Directory is widely used across European enterprises for identity and access management, the exposure of user account information could lead to unauthorized access, data breaches, or lateral movement within networks. Organizations in sectors with strict data protection requirements, such as finance, healthcare, and government, may face regulatory consequences if user information is leaked or exploited. Additionally, the vulnerability could undermine trust in internal security controls and complicate incident response efforts. While the vulnerability does not directly impact system integrity or availability, the indirect consequences of compromised credentials or escalated privileges could be severe.

European organizations using Aranda PassRecovery v1.0 should immediately assess their exposure to this vulnerability. Since no official patches are currently available, mitigation should focus on compensating controls: 1) Restrict network access to the /user/existdirectory/1 endpoint by implementing firewall rules or web application firewall (WAF) policies that limit requests to trusted administrative IP addresses. 2) Monitor and analyze logs for unusual POST requests to this endpoint to detect enumeration attempts. 3) Employ rate limiting on the endpoint to reduce the feasibility of automated enumeration. 4) Harden Active Directory accounts by enforcing strong password policies, multi-factor authentication (MFA), and account lockout thresholds to mitigate the impact of credential guessing attacks that may follow enumeration. 5) Conduct internal audits to identify and disable unused or legacy accounts that could be targeted. 6) Engage with Aranda support or vendor channels to obtain updates or patches as they become available. 7) Educate IT and security teams about this vulnerability and incorporate it into incident response playbooks.