PT-2025-32587 · Omnissa · Unified Access Gateway+1
Published
2025-08-11
·
Updated
2025-08-11
·
CVE-2025-25235
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Omnissa Secure Email Gateway (SEG) versions prior to 2.32 (Windows)
Omnissa Secure Email Gateway (SEG) versions prior to 2503 (UAG)
Description:
This issue is a Server-Side Request Forgery (SSRF) that allows routing of network traffic, such as HTTP requests, to internal networks. The vulnerability exists in on-prem deployments of Omnissa Secure Email Gateway (SEG) and Unified Access Gateway (UAG).
Recommendations:
Update Omnissa Secure Email Gateway (SEG) to version 2.32 or later on Windows.
Update Omnissa Secure Email Gateway (SEG) to version 2503 or later on UAG.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Omnissa Secure Email Gateway
Unified Access Gateway