{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-25235", "assignerOrgId": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52", "state": "PUBLISHED", "assignerShortName": "Omnissa", "dateReserved": "2025-02-04T20:59:07.334Z", "datePublished": "2025-08-11T21:47:25.510Z", "dateUpdated": "2025-08-12T15:45:31.666Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Secure Email Gateway", "vendor": "Omnissa", "versions": [{"status": "unaffected", "version": "2.32 and later", "versionType": "custom"}, {"status": "unaffected", "version": "2503 and later", "versionType": "custom"}]}], "datePublic": "2025-08-11T18:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks."}], "value": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52", "shortName": "Omnissa", "dateUpdated": "2025-08-11T21:47:47.823Z"}, "references": [{"url": "https://www.omnissa.com/omsa-2025-0003/"}], "source": {"discovery": "UNKNOWN"}, "title": "Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-12T15:45:19.584760Z", "id": "CVE-2025-25235", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-12T15:45:31.666Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-25235", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-12T15:45:19.584760Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-12T15:45:26.965Z"}}], "cna": {"title": "Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Omnissa", "product": "Secure Email Gateway", "versions": [{"status": "unaffected", "version": "2.32 and later", "versionType": "custom"}, {"status": "unaffected", "version": "2503 and later", "versionType": "custom"}], "defaultStatus": "affected"}], "datePublic": "2025-08-11T18:00:00.000Z", "references": [{"url": "https://www.omnissa.com/omsa-2025-0003/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.", "supportingMedia": [{"type": "text/html", "value": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52", "shortName": "Omnissa", "dateUpdated": "2025-08-11T21:47:47.823Z"}}}, "cveMetadata": {"cveId": "CVE-2025-25235", "state": "PUBLISHED", "dateUpdated": "2025-08-12T15:45:31.666Z", "dateReserved": "2025-02-04T20:59:07.334Z", "assignerOrgId": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52", "datePublished": "2025-08-11T21:47:25.510Z", "assignerShortName": "Omnissa"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks."}, {"lang": "es", "value": "Server-Side Request Forgery (SSRF) en Omnissa Secure Email Gateway (SEG) en SEG anterior a 2.32 que se ejecuta en Windows y SEG anterior a 2503 que se ejecuta en UAG permite el enrutamiento del tr\u00e1fico de red, como solicitudes HTTP, a redes internas."}], "id": "CVE-2025-25235", "lastModified": "2025-08-12T14:25:33.177", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52", "type": "Secondary"}]}, "published": "2025-08-11T22:15:26.693", "references": [{"source": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52", "url": "https://www.omnissa.com/omsa-2025-0003/"}], "sourceIdentifier": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52", "type": "Secondary"}]}

{}