CVE-2025-25234

Summary

Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain access to sensitive networks.

Affected Software

VendorProductVersion RangeStatus
OmnissaOmnissa Unified Access Gateway (UAG)Omnissa Unified Access Gateway 2412 or earlieraffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References