CVE-2025-25231_CVE-2025-25231

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.

Basic Information

ID CVE-2025-25231

Source Omnissa

Published Aug 11, 2025 at 18:12

Modified Aug 11, 2025 at 18:26

Affected Product

Vendor Omnissa

Product Omnissa Workspace ONE UEM

Version Omnissa Workspace ONE UEM version 24.10.0.10 or earlier

Affected Versions Omnissa Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version 24.10.0.10 or earlier
Omnissa Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version 24.6.0.34 or earlier
Omnissa Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version 24.2.0.29 or earlier
Omnissa Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version 23.10.0.49 or earlier

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability.\u00a0A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.",
    "published": "2025-08-11T18:12:49.711Z",
    "modified": "2025-08-11T18:26:45.876Z",
    "type": "cve",
    "title": "CVE-2025-25231",
    "source": "Omnissa",
    "references": "https://static.omnissa.com/sites/default/files/OMSA-2025-0004.pdf\nhttps://www.omnissa.com/omnissa-security-response/",
    "id": "CVE-2025-25231",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Omnissa Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version 24.10.0.10 or earlier\nOmnissa Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version 24.6.0.34 or earlier\nOmnissa Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version 24.2.0.29 or earlier\nOmnissa Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version 23.10.0.49 or earlier",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Omnissa Workspace ONE UEM",
    "version": "Omnissa Workspace ONE UEM version 24.10.0.10 or earlier",
    "vendor": "Omnissa",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}