Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery...

8.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Description

Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.

Basic Information

ID CVE-2025-25235

Source Omnissa

Published Aug 11, 2025 at 21:47

Affected Product

Vendor Omnissa

Product Secure Email Gateway

Version 2.32 and later

CWE Classification

CWE-918

References

www.omnissa.com /omsa-2025-0003/

{
    "lastseen": "",
    "description": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.",
    "published": "2025-08-11T21:47:25.510Z",
    "modified": "2025-08-11T21:47:47.823Z",
    "type": "cve",
    "title": "Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability",
    "source": "Omnissa",
    "references": "https://www.omnissa.com/omsa-2025-0003/",
    "id": "CVE-2025-25235",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Secure Email Gateway",
    "version": "2.32 and later",
    "vendor": "Omnissa",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability_CVE-2025-25235