CVE-2025-65185: n/a
There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses.
AI Analysis
Technical Summary
CVE-2025-65185 identifies a username enumeration vulnerability in Entrinsik Informer version 5.10.1. The flaw arises during the local user login process, where an attacker with limited privileges can input an OTP code and a new password, then observe the application's responses to infer valid usernames. This behavior constitutes a CWE-203: Information Exposure Through Discrepancy. The vulnerability does not allow direct access to user credentials or system control but leaks information that can facilitate further targeted attacks such as phishing or brute force. The CVSS 3.1 score is 2.8, reflecting low severity due to the requirement for local access (AV:L), low attack complexity (AC:L), limited privileges (PR:L), and user interaction (UI:R). The impact is limited to confidentiality, with no integrity or availability impact. No patches or known exploits are currently available, but the issue is publicly disclosed as of December 17, 2025. Organizations using Entrinsik Informer should assess their exposure, especially if the system is accessible to multiple users or if user enumeration could lead to more severe attacks.
Potential Impact
For European organizations, the primary impact is the potential exposure of valid usernames, which can be leveraged in social engineering, phishing campaigns, or brute force attacks. While the vulnerability itself does not compromise passwords or system integrity, the information leakage can lower the barrier for attackers to target specific users. This is particularly concerning for organizations handling sensitive or regulated data, such as financial institutions, healthcare providers, or government agencies. The requirement for local access and user interaction reduces the likelihood of remote exploitation but does not eliminate insider threat risks or attacks from compromised internal accounts. The overall impact on confidentiality is low but should be considered within the broader context of layered security controls and threat models.
Mitigation Recommendations
1. Restrict access to the Entrinsik Informer login interface to trusted users and networks only, using network segmentation and access control lists.
2. Implement monitoring and alerting for unusual login attempts or repeated OTP and password reset requests that could indicate enumeration attempts.
3. Enforce strong authentication policies and consider multi-factor authentication methods that do not rely solely on OTP codes vulnerable to enumeration.
4. Regularly review user account management procedures to detect and respond to suspicious activities promptly.
5. Engage with Entrinsik to obtain patches or updates addressing this vulnerability once available, and apply them promptly.
6. Educate users about phishing and social engineering risks that could be facilitated by username enumeration.
7. Consider implementing application-level protections such as uniform error messages and rate limiting on login attempts to reduce information leakage.
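The uniform-response protection in item 7, sketched for an OTP-plus-new-password reset handler. This is an added example, not Entrinsik's code: the page does not describe Informer's actual responses, so the handler names, user store, status codes and messages are all hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed user store: username -> (salt, SHA-256 of salt + pending OTP).
def _record(otp: str) -> tuple[bytes, bytes]:
    salt = secrets.token_bytes(16)
    return salt, hashlib.sha256(salt + otp.encode()).digest()

USERS = {"alice": _record("493817")}      # sample account, constructed
DUMMY = _record(secrets.token_hex(8))     # checked when the username is unknown

GENERIC = (400, "Invalid username or code.")

def reset_leaky(username: str, otp: str, new_password: str) -> tuple[int, str]:
    """Discrepancy pattern (CWE-203): the reply differs by account existence."""
    rec = USERS.get(username)
    if rec is None:
        return 404, "User not found."
    salt, digest = rec
    if not hmac.compare_digest(hashlib.sha256(salt + otp.encode()).digest(), digest):
        return 400, "Incorrect code."
    return 200, "Password updated."

def reset_uniform(username: str, otp: str, new_password: str) -> tuple[int, str]:
    """Same status, body and work for an unknown user and a wrong code."""
    # Always hash and compare, so an unknown username costs the same work.
    salt, digest = USERS.get(username, DUMMY)
    candidate = hashlib.sha256(salt + otp.encode()).digest()
    ok = hmac.compare_digest(candidate, digest) and username in USERS
    if not ok:
        return GENERIC
    # The password change itself would happen here (storage is out of scope).
    return 200, "Password updated."
```

Rate limiting per source and per account still belongs in front of this handler, since a uniform reply does not stop OTP guessing against a known username.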
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6942d8c9b2cbfb3efaad4196
Added to database: 12/17/2025, 4:22:33 PM
Last enriched: 1/5/2026, 11:16:31 AM
Last updated: 2/5/2026, 2:46:33 AM