Path Traversal Vulnerability in Omnissa Workspace ONE UEM
CVE-2025-25231
What is CVE-2025-25231?
CVE-2025-25231 is a path traversal vulnerability found in Omnissa Workspace ONE UEM, a unified endpoint management solution designed to simplify the management of devices within an enterprise environment. This vulnerability allows malicious actors to exploit certain improper validations in the software, potentially enabling them to access sensitive information through crafted GET requests to restricted application programming interface (API) endpoints. If successfully exploited, this vulnerability could result in unauthorized read access to data that should otherwise be protected, thereby jeopardizing the confidentiality of critical enterprise information.
Potential impact of CVE-2025-25231
- Data Exposure: This vulnerability could lead to unauthorized access to sensitive data stored within the system, including user credentials, corporate data, or configuration settings, compromising user privacy and operational integrity.
- Regulatory Compliance Risks: Organizations may face significant compliance issues and legal repercussions if sensitive data is exposed due to a vulnerability like this, especially under regulations such as GDPR, HIPAA, or other data protection laws.
- Reputational Damage: The exploitation of this vulnerability could severely damage the organization's reputation, eroding customer trust and resulting in financial losses associated with remediation efforts and potential legal liabilities.
Affected Version(s)
Omnissa Workspace ONE UEM version 24.10.0.10 or earlier
Omnissa Workspace ONE UEM version 24.6.0.34 or earlier
Omnissa Workspace ONE UEM version 24.2.0.29 or earlier
EPSS Score
10% chance of being exploited in the next 30 days.
