CVE-2025-25230
Omnissa Horizon Client for Windows Privilege Escalation
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Omnissa Horizon Client for Windows contains an LPE Vulnerability. A malicious actor with local access where Horizon Client for Windows is installed may be able to elevate privileges.
Omnissa Horizon Client for Windows contains an LPE Vulnerability. A malicious actor with local access where Horizon Client for Windows is installed may be able to elevate privileges.
A local privilege escalation vulnerability was privately reported in Omnissa Horizon Client for Windows. Updates are available to remediate this vulnerability in impacted versions of the client. The fixed version is 2503.
*Credits:
Omnissa would like to thank Bocheng Xiang (@Crispr) From FDU for reporting this issue to us.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2025-02-04 CVE Reserved
- 2025-04-16 CVE Published
- 2025-04-17 CVE Updated
- 2025-04-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://static.omnissa.com/sites/default/files/OMSA-2025-0001.pdf | ||
| https://www.omnissa.com/omnissa-security-response |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| - | - | - | - | - | ||||||