Vendor

Omnissa

Products

CVEs

Across products

Status

Private

Products

Recent CVEs

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-25230	Omnissa Horizon Client for Windows	Hig	0.51	7.8	0.00	Apr 16, 2025	Omnissa Horizon Client for Windows contains an LPE Vulnerability. A malicious actor with local access where Horizon Client for Windows is installed may be able to elevate privileges.
CVE-2025-25231	Omnissa Workspace ONE UEM	Hig	0.49	7.5	0.03	Aug 11, 2025	Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.
CVE-2025-25229	Omnissa Workspace ONE UEM	Med	0.35	5.4	0.00	Aug 11, 2025	Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources.
CVE-2025-25236	Omnissa Workspace ONE UEM	Med	0.34	5.3	0.00	Nov 12, 2025	Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks.
CVE-2025-25234	Omnissa UAG		0.00	—	0.00	Apr 17, 2025	Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain access to sensitive networks.

CVE-2025-25230HigApr 16, 2025
Omnissa
Horizon Client for Windows
risk 0.51cvss 7.8epss 0.00
Omnissa Horizon Client for Windows contains an LPE Vulnerability. A malicious actor with local access where Horizon Client for Windows is installed may be able to elevate privileges.
CVE-2025-25231HigAug 11, 2025
Omnissa
Workspace ONE UEM
risk 0.49cvss 7.5epss 0.03
Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.
CVE-2025-25229MedAug 11, 2025
Omnissa
Workspace ONE UEM
risk 0.35cvss 5.4epss 0.00
Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources.
CVE-2025-25236MedNov 12, 2025
Omnissa
Workspace ONE UEM
risk 0.34cvss 5.3epss 0.00
Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks.
CVE-2025-25234Apr 17, 2025
Omnissa
UAG
risk 0.00cvss —epss 0.00
Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain access to sensitive networks.