CVE-2025-26485 Information

Description

The Exposure of Sensitive Information to an Unauthorized Actor vulnerability impacting Beta80 Life 1st Identity Manager allows User Enumeration using Authentication Rest APIs. Affected: Life 1st version 1.5.2.14234. Different error messages are returned to failed authentication attempts in case of the usage of a wrong password or a non existent user.

This issue affects Life 1st: 1.5.2.14234.

Reference

https://www.cvcn.gov.it/cvcn/cve/CVE-2025-26485