CVE-2025-6056

Vulnerability Description

Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.

Related Weaknesses (CWE)

CWE-203

References

https://www.redguard.ch/blog/2025/07/04/cve-2025-6056-airlock-iam-username-enume

FAQ

What is CVE-2025-6056?

CVE-2025-6056 is a documented vulnerability. Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.

How severe is CVE-2025-6056?

CVSS scoring is not yet available for CVE-2025-6056. Check NVD for updates.

Is there a patch for CVE-2025-6056?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.