PT-2025-44081 — Generation of Error Message Containing Sensitive Information in Packagist Ibexa/User

PT-2025-44081 · Packagist · Ibexa/User

Published

2025-10-17

Updated

2025-10-17

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Impact

In v5, error messages could provide enough information to tell whether a user exists or not. This is resolved by ensuring the error messages are sufficiently ambigious.

Patches

See "Patched versions".

Workarounds

None.

Resources

https://developers.ibexa.co/security-advisories/ibexa-sa-2025-004-xss-and-enumeration-vulnerabilities-in-back-office

Fix

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-209

Related Identifiers

GHSA-Q3X8-6898-23G3

Affected Products

Ibexa/User