CVE-2025-25231 | THREATINT

Description

Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.

PUBLISHED Reserved 2025-02-04 | Published 2025-08-11 | Updated 2025-08-11 | Assigner Omnissa

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Product status

Default status

unaffected

Omnissa Workspace ONE UEM version 24.10.0.10 or earlier

affected

Omnissa Workspace ONE UEM version 24.6.0.34 or earlier

affected

Omnissa Workspace ONE UEM version 24.2.0.29 or earlier

affected

Omnissa Workspace ONE UEM version 23.10.0.49 or earlier

affected

Credits

Omnissa would like to thank Assetnote (Adam Kues, Shubham Shah, Dylan Pindur) for reporting this issue to us. reporter

References

static.omnissa.com/sites/default/files/OMSA-2025-0004.pdf

www.omnissa.com/omnissa-security-response/

cve.org (CVE-2025-25231)

nvd.nist.gov (CVE-2025-25231)

Download JSON