漏洞描述
Omnissa Workspace ONE UEM 存在一个二次上下文路径穿越漏洞,攻击者可通过构造恶意 GET 请求读取受限 API 端点中的敏感信息。
Omnissa Workspace ONE UEM /DevicesGateway/apps/system-app-metadata 目录遍历漏洞(CVE-2025-25231)
PoC代码
暂无相关漏洞推荐
- POC sharepoint-site-metadata-disclosure: Microsoft SharePoint - Site Metadata Disclosure
- Omnissa Workspace ONE UEM CVE-2025-25231 路径遍历
- POC CVE-2021-22054: VMWare Workspace ONE UEM - Server-Side Request Forgery
- POC CVE-2022-22954: VMware Workspace ONE Access - Server-Side Template Injection
- POC CVE-2022-22972: VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass
- POC CVE-2025-25231: Omnissa Workspace ONE UEM - Path Traversal
- POC CVE-2022-22954: VMware Workspace ONE Access SSTI
- POC datahub-metadata-default-login: DataHub Metadata - Default Login
- POC gcloud-gke-metadata-server-disabled: GKE Clusters Without Metadata Server Enabled
- POC gcloud-exclude-metadata-from-firewall-logging: Exclude Metadata from Firewall Logging
- POC metadata-service-openstack: Openstack Metadata Service Check
- POC CVE-2022-22956: VMware Workspace ONE Access - Authentication Bypass
- POC datahub-metadata-default-login: DataHub Metadata - Default Login