CVE-2025-55198: 
Helm vulnerability analysis and mitigation

CVE-2024-55198 is a user enumeration vulnerability discovered in Celk Sistemas Celk Saude v.3.1.252.1. The vulnerability was disclosed on March 13, 2025, and affects the password recovery functionality of the application. The vulnerability allows remote attackers to enumerate valid users through discrepancies in the system's responses (MITRE).

The vulnerability is classified with a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability is categorized as CWE-204 (Observable Response Discrepancy). The issue specifically exists in the password recovery functionality where different error messages are returned based on whether a username exists in the system or not (CISA-ADP).

The vulnerability allows remote attackers to determine valid usernames within the system through response discrepancy analysis. This information disclosure can be leveraged as a stepping stone for further attacks such as brute force attempts or targeted phishing campaigns (MITRE).

Organizations should implement consistent error messages for authentication-related responses and follow secure coding practices as outlined in authentication security guidelines (OWASP Auth).