CVE-2025-69908
Unknown Unknown - Not Provided
Information Disclosure in Newgen OmniApp via Public JavaScript Resource

Publication date: 2026-01-23

Last updated on: 2026-02-11

Assigner: MITRE

Description
An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-14
NVD
CVE-2025-69908
EUVD
EUVD-2026-4310
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
newgensoft omniapp *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unauthenticated information disclosure issue in Newgen OmniApp that allows attackers to enumerate valid privileged usernames by accessing a publicly available client-side JavaScript resource. [1]

Impact Analysis

The vulnerability can impact you by exposing valid privileged usernames to attackers without authentication, which could facilitate further targeted attacks such as privilege escalation or unauthorized access attempts. [1]

Detection Guidance

This vulnerability can be detected by inspecting the publicly accessible client-side JavaScript resources of the Newgen OmniApp installation to see if they expose valid privileged usernames. Network monitoring tools or web application scanners can be used to identify requests to such JavaScript files. Specific commands might include using curl or wget to fetch the JavaScript resource and grep or similar tools to search for username enumeration patterns. For example: curl -s http://target/newgen/path/to/client.js | grep -i username [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the client-side JavaScript resources that expose privileged usernames, implementing proper access controls, and applying any available patches or updates from Newgen OmniApp. Additionally, monitoring and alerting on unusual access patterns to these resources can help reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69908. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart