Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-25231

HIGH
Published 2025-08-11T18:12:49.711Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-25231. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
7.5
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Description

Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.

Available Exploits

Omnissa Workspace ONE UEM - Path Traversal

Omnissa Workspace ONE UEM contains a path traversal caused by crafted GET requests to restricted API endpoints, letting malicious actors access sensitive information, exploit requires sending crafted requests.

ID: CVE-2025-25231
Author: DhiyaneshDKslcyber High

References:

Related News

No news articles found for this CVE.

Affected Products

Omnissa

Omnissa Workspace ONE UEM

Affected Versions:

Omnissa Workspace ONE UEM version 24.10.0.10 or earlier Omnissa Workspace ONE UEM version 24.6.0.34 or earlier Omnissa Workspace ONE UEM version 24.2.0.29 or earlier Omnissa Workspace ONE UEM version 23.10.0.49 or earlier

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.

Affected Products (ENISA)

omnissa
omnissa workspace one uem

ENISA Scoring

CVSS Score (3.1)

7.5
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

8.130
probability

ENISA References

https://static.omnissa.com/sites/default/files/OMSA-2025-0004.pdf
https://www.omnissa.com/omnissa-security-response/

Data provided by ENISA EU Vulnerability Database. Last updated: August 11, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-6489-j79m-95x8

Advisory Details

Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-25231
WEB https://static.omnissa.com/sites/default/files/OMSA-2025-0004.pdf
WEB https://www.omnissa.com/omnissa-security-response

Advisory provided by GitHub Security Advisory Database. Published: August 11, 2025, Modified: August 11, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

3 posts
Reddit 3 days, 17 hours ago
crstux
Exploit

🔥 Top 10 Trending CVEs (05/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-48539](https://nvd.nist.gov/vuln/detail/CVE-2025-48539)** - 📝 In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (proximal/adjacent) code execution with no …

Also mentions: CVE-2025-48539 CVE-2025-43300 CVE-2025-9074 CVE-2025-53772 CVE-2025-53149 CVE-2025-33073 CVE-2024-50264
1
1.0
View Original High Risk
Reddit 4 days, 17 hours ago
crstux
Exploit

🔥 Top 10 Trending CVEs (04/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-47910](https://nvd.nist.gov/vuln/detail/CVE-2025-47910)** - 📝 n/a - 📈 **CVSS:** 0 - 🧭 **Vector:** n/a - ⚠️ **Priority:** n/a - 📝 **Analysis:** No Information available for this CVE at the moment --- **2. [CVE-2025-25231](https://nvd.nist.gov/vuln/detail/CVE-2025-25231)** …

Also mentions: CVE-2025-55177 CVE-2025-9478 CVE-2025-4609 CVE-2025-43300 CVE-2025-9074 CVE-2025-53772 CVE-2025-8088 CVE-2025-54309 CVE-2024-50264
1
1.0
View Original High Risk
Reddit 5 days, 16 hours ago
Searchlight_Cyber

Secondary Context Path Traversal in Omnissa Workspace ONE UEM Earlier this year, our Security Research team discovered a high-risk secondary context path traversal issue in Omnissa Workspace One UEM (CVE-2025-25231). We also developed a chain to RCE on instances in the wild. You can read our detailed research here: [https://slcyber.io/assetnote-security-research-center/secondary-context-path-traversal-in-omnissa-workspace-one-uem/](https://slcyber.io/assetnote-security-research-center/secondary-context-path-traversal-in-omnissa-workspace-one-uem/)

1
1.0
View Original

References

https://static.omnissa.com/sites/default/files/OMSA-2025-0004.pdf
https://www.omnissa.com/omnissa-security-response/
Published: 2025-08-11T18:12:49.711Z
Last Modified: 2025-08-11T18:26:45.876Z
Copied to clipboard!