Observable Response Discrepancy in Omnissa Workspace ONE UEM
CVE-2025-25236

5.3MEDIUM

Key Information:

Vendor

Omnissa

Status
Omnissa Workspace One Uem
Vendor
CVE Published:
12 November 2025

What is CVE-2025-25236?

Omnissa Workspace ONE UEM is affected by a vulnerability characterized by an observable response discrepancy, allowing potential attackers to enumerate sensitive information, including tenant IDs and user accounts. This weakness may enable various attack vectors, such as brute-force, password-spraying, and credential-stuffing attacks, jeopardizing the security of user data and organizational integrity.

Affected Version(s)

Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version prior to 24.10.0.25

Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version prior to 24.10.0.25

Omnissa Workspace ONE UEM Omnissa Workspace ONE UEM version prior to 24.6.0.44

References

https://static.omnissa.com/sites/default/files/OMSA-2025-...
https://www.omnissa.com/omnissa-security-response/

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-25236 : Observable Response Discrepancy in Omnissa Workspace ONE UEM