CVE-2025-25235 HIGH

CVE-2025-25235: Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability

Weakness CWE-918 · SSRF
Published August 11, 2025
Last update August 12, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.

Key dates

02Disclosure timeline

August 11, 2025 CVE published
August 12, 2025 Record updated