CVE-2025-25229

Summary

Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources.

Affected Software

VendorProductVersion RangeStatus
OmnissaOmnissa Workspace ONE UEMOmnissa Workspace ONE UEM version 24.10.0.10 or earlieraffected
OmnissaOmnissa Workspace ONE UEMOmnissa Workspace ONE UEM version 24.6.0.34 or earlieraffected
OmnissaOmnissa Workspace ONE UEMOmnissa Workspace ONE UEM version 24.2.0.29 or earlieraffected
OmnissaOmnissa Workspace ONE UEMOmnissa Workspace ONE UEM version 23.10.0.49 or earlieraffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References