CVE-2025-25235 | THREATINT

Description

Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.

PUBLISHED Reserved 2025-02-04 | Published 2025-08-11 | Updated 2025-08-12 | Assigner Omnissa

HIGH: 8.6CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-918 Server-Side Request Forgery (SSRF)

Product status

Default status

affected

2.32 and later (custom)

unaffected

2503 and later (custom)

unaffected

References

www.omnissa.com/omsa-2025-0003/

cve.org (CVE-2025-25235)

nvd.nist.gov (CVE-2025-25235)

Download JSON