Search criteria
2 vulnerabilities found for Secure Email Gateway by Omnissa
CVE-2025-25235 (GCVE-0-2025-25235)
Vulnerability from cvelistv5 – Published: 2025-08-11 21:47 – Updated: 2025-08-12 15:45
VLAI?
Title
Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability
Summary
Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.
Severity ?
8.6 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Omnissa | Secure Email Gateway |
Unaffected:
2.32 and later
(custom)
Unaffected: 2503 and later (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:45:19.584760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:45:31.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Secure Email Gateway",
"vendor": "Omnissa",
"versions": [
{
"status": "unaffected",
"version": "2.32 and later",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2503 and later",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-08-11T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks."
}
],
"value": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T21:47:47.823Z",
"orgId": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52",
"shortName": "Omnissa"
},
"references": [
{
"url": "https://www.omnissa.com/omsa-2025-0003/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52",
"assignerShortName": "Omnissa",
"cveId": "CVE-2025-25235",
"datePublished": "2025-08-11T21:47:25.510Z",
"dateReserved": "2025-02-04T20:59:07.334Z",
"dateUpdated": "2025-08-12T15:45:31.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25235 (GCVE-0-2025-25235)
Vulnerability from nvd – Published: 2025-08-11 21:47 – Updated: 2025-08-12 15:45
VLAI?
Title
Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability
Summary
Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.
Severity ?
8.6 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Omnissa | Secure Email Gateway |
Unaffected:
2.32 and later
(custom)
Unaffected: 2503 and later (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:45:19.584760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:45:31.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Secure Email Gateway",
"vendor": "Omnissa",
"versions": [
{
"status": "unaffected",
"version": "2.32 and later",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2503 and later",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-08-11T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks."
}
],
"value": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T21:47:47.823Z",
"orgId": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52",
"shortName": "Omnissa"
},
"references": [
{
"url": "https://www.omnissa.com/omsa-2025-0003/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52",
"assignerShortName": "Omnissa",
"cveId": "CVE-2025-25235",
"datePublished": "2025-08-11T21:47:25.510Z",
"dateReserved": "2025-02-04T20:59:07.334Z",
"dateUpdated": "2025-08-12T15:45:31.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}