Path Traversal Vulnerability in Omnissa Workspace ONE UEM
CVE-2025-25231

7.5 HIGH

Key Information:

Vendor: Omnissa

CVE Published: 11 August 2025

What is CVE-2025-25231?

Omnissa Workspace ONE UEM is affected by a Secondary Context Path Traversal vulnerability. By sending specially crafted read-only GET requests to certain restricted API endpoints, an attacker may gain unauthorized access to sensitive information, potentially affecting the privacy and security of users. Organizations using this software should take proactive measures to mitigate the risk and keep their data secure.

Affected Version(s)

Omnissa Workspace ONE UEM version 24.10.0.10 or earlier

Omnissa Workspace ONE UEM version 24.6.0.34 or earlier

Omnissa Workspace ONE UEM version 24.2.0.29 or earlier

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Omnissa would like to thank Assetnote (Adam Kues, Shubham Shah, Dylan Pindur) for reporting this issue to us.