{"uuid": "06eada7c-1ab5-44fe-afd3-79a5dd68784a", "vulnerability": {"vulnId": "CVE-2025-25231", "altId": []}, "gcve": {"origin_uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd", "object_uuid": "06eada7c-1ab5-44fe-afd3-79a5dd68784a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-09T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-09T00:00:00Z", "recorded_at": "2026-02-02T13:23:54Z", "first_seen_at": "2025-09-09T00:00:00Z"}, "scope": {"notes": "Affected: Omnissa / Omnissa Workspace ONE UEM | Description: Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints | Origin source: CERT-PL | Notes: https://moje.cert.pl/komunikaty/2025/29/aktywnie-wykorzystywana-krytyczna-podatnosc-w-narzedziu-omnissa-workspace-one-uem-airwatch-mdm/"}, "evidence": [{"type": "csirt_report", "source": "enisa-cnw-kev", "signal": "successful_exploitation", "confidence": 0.75, "details": {"cwes": "-", "euvd": "EUVD-2025-24160", "notes": "https://moje.cert.pl/komunikaty/2025/29/aktywnie-wykorzystywana-krytyczna-podatnosc-w-narzedziu-omnissa-workspace-one-uem-airwatch-mdm/", "catalog": "ENISA / EU CSIRTs Network (CNW) KEV CSV", "product": "Omnissa Workspace ONE UEM", "dateReported": "09/09/25", "originSource": "CERT-PL", "vendorProject": "Omnissa", "exploitationType": "-", "vulnerabilityName": "-", "threatActorsExploiting": "-"}}], "references": [{"id": "CVE-2025-25231", "url": "https://www.cve.org/CVERecord?id=CVE-2025-25231"}, {"id": "EUVD-2025-24160", "url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-24160"}, {"id": "source", "url": "https://moje.cert.pl/komunikaty/2025/29/aktywnie-wykorzystywana-krytyczna-podatnosc-w-narzedziu-omnissa-workspace-one-uem-airwatch-mdm/"}]}