CVE-2025-25235

{"id": "CVE-2025-25235", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2025-08-11T22:15:26.693", "references": [{"url": "https://www.omnissa.com/omsa-2025-0003/", "source": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks."}, {"lang": "es", "value": "Server-Side Request Forgery (SSRF) en Omnissa Secure Email Gateway (SEG) en SEG anterior a 2.32 que se ejecuta en Windows y SEG anterior a 2503 que se ejecuta en UAG permite el enrutamiento del tr\u00e1fico de red, como solicitudes HTTP, a redes internas."}], "lastModified": "2025-08-12T14:25:33.177", "sourceIdentifier": "de5a6978-88fe-4c27-a7df-d0d5b52d5b52"}