Server-Side Request Forgery Vulnerability in Omnissa Secure Email Gateway
CVE-2025-25235

8.6HIGH

Key Information:

Vendor: Omnissa
Status: Secure Email Gateway
Vendor: CVE Published:; 11 August 2025

What is CVE-2025-25235?

A vulnerability in Omnissa Secure Email Gateway has been identified that allows potential attackers to exploit server-side request forgery (SSRF) mechanisms. This can enable unauthorized routing of HTTP requests, leading to exposure of internal networks and services. If exploited, malicious actors could gain access to sensitive data or manipulate services within the internal network. To mitigate this risk, it is advisable for users of affected versions to update to the latest releases as recommended by the vendor.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Secure Email Gateway 2.32 and later

Secure Email Gateway 2503 and later

References

https://www.omnissa.com/omsa-2025-0003/

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 11, 2025
Vulnerability Reserved
Feb 4, 2025

JSON

Omnissa

What is CVE-2025-25235?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.