User Enumeration Vulnerability in ESET Protect by ESET
CVE-2025-3716

5.3MEDIUM

Key Information:

Vendor: Eset, Spol. S.r.o
Status: Eset Protect (on-prem)
Vendor: CVE Published:; 30 March 2026

🔔 Create Eset, Spol. S.r.o Vulnerability Alert

What is CVE-2025-3716?

ESET Protect (on-prem) is susceptible to a user enumeration vulnerability that arises through Response Timing. This issue allows attackers to potentially exploit timing discrepancies to identify valid usernames within the system, posing a risk of unauthorized access and further attacks. Organizations using ESET Protect should take immediate action to mitigate this vulnerability and protect sensitive user information.

Affected Version(s)

ESET Protect (on-prem) 12.1.1.0

References

https://help.eset.com/changelogs/?product=protect&lang=en-US

release-notes

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2026
Vulnerability Reserved
Apr 16, 2025

CVE-2025-3716 Data

JSON