Server-Side Request Forgery Vulnerability in Omnissa Secure Email Gateway
CVE-2025-25235

8.6HIGH

Key Information:

Vendor: Omnissa
Status: Secure Email Gateway
Vendor: CVE Published:; 11 August 2025

What is CVE-2025-25235?

A vulnerability in Omnissa Secure Email Gateway has been identified that allows potential attackers to exploit server-side request forgery (SSRF) mechanisms. This can enable unauthorized routing of HTTP requests, leading to exposure of internal networks and services. If exploited, malicious actors could gain access to sensitive data or manipulate services within the internal network. To mitigate this risk, it is advisable for users of affected versions to update to the latest releases as recommended by the vendor.

Affected Version(s)

Secure Email Gateway 2.32 and later

Secure Email Gateway 2503 and later

References

https://www.omnissa.com/omsa-2025-0003/

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2025
Vulnerability Reserved
Feb 4, 2025