← back
CVE-2025-25235

Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability

CVSS 8.6 HIGHEPSS 0.3%CWE-918
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Aug 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected products
Omnissa · Secure Email Gateway

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.omnissa.com/omsa-2025-0003/