CVE-2025-25230

Published: Apr 16, 2025Modified: Apr 17, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: de5a6978-88fe-4c27-a7df-d0d5b52d5b52 (Secondary)

Description

Omnissa Horizon Client for Windows contains an LPE Vulnerability. A malicious actor with local access where Horizon Client for Windows is installed may be able to elevate privileges.

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://static.omnissa.com/sites/default/files/OMSA-2025-0001.pdf

Source: de5a6978-88fe-4c27-a7df-d0d5b52d5b52

https://www.omnissa.com/omnissa-security-response/

Source: de5a6978-88fe-4c27-a7df-d0d5b52d5b52

Timeline

No history available yet.