CVE-2025-41685

Summary

A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address.

Affected Software

VendorProductVersion RangeStatus
SMAennexos.sunnyportal.com0 < 15.08.2025affected

Weaknesses

  • CWE-359: CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References