CVE-2025-25236_CVE-2025-25236

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks.

Basic Information

ID CVE-2025-25236

Source Omnissa

Published Nov 12, 2025 at 17:41

Modified Nov 12, 2025 at 21:04

Affected Product

Vendor Omnissa

Product Omnissa Workspace ONE UEM

Version Omnissa Workspace ONE UEM version prior to 24.10.0.25

Affected Versions Omnissa Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version prior to 24.10.0.25
Omnissa Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version prior to 24.6.0.44
Omnissa Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version prior to 24.2.0.36

CWE Classification

CWE-204

References

{
    "lastseen": "",
    "description": "Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks.",
    "published": "2025-11-12T17:41:57.042Z",
    "modified": "2025-11-12T21:04:33.914Z",
    "type": "cve",
    "title": "CVE-2025-25236",
    "source": "Omnissa",
    "references": "https://static.omnissa.com/sites/default/files/OMSA-2025-0005.pdf\nhttps://www.omnissa.com/omnissa-security-response/",
    "id": "CVE-2025-25236",
    "bulletinFamily": "",
    "cwe": [
        "CWE-204"
    ],
    "cvelist": null,
    "sourceData": "Omnissa Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version prior to 24.10.0.25\nOmnissa Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version prior to 24.6.0.44\nOmnissa Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version prior to 24.2.0.36",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Omnissa Workspace ONE UEM",
    "version": "Omnissa Workspace ONE UEM version prior to 24.10.0.25",
    "vendor": "Omnissa",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}