CVE Field Guide
About Us
CVE-2025-3716
PUBLISHED
User enumeration in ESET Protect (on-prem)
Assigner:
ESET
Reserved:
16.04.2025
Published:
30.03.2026
Updated:
30.03.2026
User enumeration in ESET Protect (on-prem) via Response Timing.
Metrics
CVSS 4.0
CVSS Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVSS Score:
5.3
CVSS score
5.3
Exploitability Metrics
Vulnerable System Impact Metrics
Subsequent System Impact Metrics
Attack Vector
Adjacent
Confidentiality
None
Confidentiality
None
Attack Complexity
Low
Integrity
None
Integrity
None
Attack Requirements
None
Availability
Low
Availability
None
Privileges Required
None
User Interaction
None
CVSS 4.0
Product Status
Vendor
ESET, spol. s.r.o
Product
ESET Protect (on-prem)
Versions
Default:
unaffected
Version 12.1.1.0 is unaffected
References
https://help.eset.com/changelogs/?product=protect&lang=en-US
Problem Types
CWE-204 Observable response discrepancy
CWE
Impacts
CAPEC-172 Manipulate Timing and State