CVE-2025-14243

Mirror-registry: openshift mirror registry: user enumeration via authentication error messages

CVSS 5.3 MEDIUMEPSS 0.3%CWE-209

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

08 Apr 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Red Hat · mirror registry for Red Hat OpenShift Red Hat · mirror registry for Red Hat OpenShift 2

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/security/cve/CVE-2025-14243 https://bugzilla.redhat.com/show_bug.cgi?id=2419829