CVE-2025-25231

Summary

Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.

Affected Software

VendorProductVersion RangeStatus
OmnissaOmnissa Workspace ONE UEMOmnissa Workspace ONE UEM version 24.10.0.10 or earlieraffected
OmnissaOmnissa Workspace ONE UEMOmnissa Workspace ONE UEM version 24.6.0.34 or earlieraffected
OmnissaOmnissa Workspace ONE UEMOmnissa Workspace ONE UEM version 24.2.0.29 or earlieraffected
OmnissaOmnissa Workspace ONE UEMOmnissa Workspace ONE UEM version 23.10.0.49 or earlieraffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References