CVE-2025-25236

Summary

Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks.

Affected Software

VendorProductVersion RangeStatus
OmnissaOmnissa Workspace ONE UEMOmnissa Workspace ONE UEM version prior to 24.10.0.25affected
OmnissaOmnissa Workspace ONE UEMOmnissa Workspace ONE UEM version prior to 24.6.0.44affected
OmnissaOmnissa Workspace ONE UEMOmnissa Workspace ONE UEM version prior to 24.2.0.36affected

Weaknesses

  • CWE-204: CWE-204 Observable Discrepancy Response

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References