Password Reset Vulnerability in Ergon Informatik AG's Airlock IAM
CVE-2025-6056

6.9 MEDIUM

Key Information:

Vendor
CVE Published: 4 July 2025

What is CVE-2025-6056?

A timing difference in the password reset process within Airlock IAM from Ergon Informatik AG exposes a vulnerability that enables unauthenticated attackers to enumerate valid usernames. This flaw affects multiple versions of the Airlock IAM product, posing a risk by allowing attackers to identify valid accounts through observed response times during the password reset procedure.

Affected Version(s)

Airlock IAM 7.7.9 <= 7.7.10

Airlock IAM 8.0.8

Airlock IAM 8.1.7

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Patrick Schlüter - Redguard AG