cvelistv5 - cve-2025-41251

CVE-2025-41251 (GCVE-0-2025-41251)

Vulnerability from cvelistv5

Published

2025-09-29 18:45

Modified

2025-09-30 03:55

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-640 - Weak Password Recovery Mechanism for Forgotten Password

Summary

VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration → credential brute force risk. Attack Vector: Remote, unauthenticated. Severity: Important. CVSSv3: 8.1 (High). Acknowledgments: Reported by the National Security Agency. Affected Products:VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x NSX-T 3.x VMware Cloud Foundation (with NSX) 5.x, 4.5.x Fixed Versions: NSX 9.0.1.0; 4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287). Workarounds: None.

References

URL

Tags

security@vmware.com

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

Impacted products

	Vendor	Product	Version
	vmware	NSX	Version: VMware NSX - 9.x.x.x, 4.2.x, 4.1.x, 4.0.x < Version: VMware NSX-T - 3.x < Version: VMware Cloud Foundation (with NSX) - 5.x, 4.5.x < Patch: VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41251",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-29T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-30T03:55:13.262Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NSX",
          "vendor": "vmware",
          "versions": [
            {
              "status": "affected",
              "version": "VMware NSX - 9.x.x.x, 4.2.x, 4.1.x, 4.0.x",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "VMware NSX-T - 3.x",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "VMware Cloud Foundation (with NSX) - 5.x, 4.5.x",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-09-29T18:26:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\u003cbr\u003e\u003cb\u003e\u003cbr\u003eImpact:\u003c/b\u003e\u0026nbsp;Username enumeration \u2192 credential brute force risk.\u003cbr\u003e\u003cb\u003eAttack Vector:\u003c/b\u003e\u0026nbsp;Remote, unauthenticated.\u003cbr\u003e\u003cb\u003eSeverity:\u003c/b\u003e\u0026nbsp;Important.\u003cbr\u003e\u003cb\u003eCVSSv3:\u003c/b\u003e\u0026nbsp;8.1 (High).\u003cbr\u003e\u003cb\u003e\u003cbr\u003eAcknowledgments:\u003c/b\u003e\u0026nbsp;Reported by the National Security Agency.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eAffected Products:\u003c/b\u003e\u003cp\u003eVMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\u003c/p\u003eNSX-T 3.x\u003cbr\u003eVMware Cloud Foundation (with NSX) 5.x, 4.5.x\u003cbr\u003e\u003cbr\u003e\u003cb\u003eFixed Versions:\u003c/b\u003e NSX 9.0.1.0; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://4.2.2.2/4.2.3.1\"\u003e4.2.2.2/4.2.3.1\u003c/a\u003e; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\u003cbr\u003e\u003cb\u003eWorkarounds:\u003c/b\u003e None.\u003cbr\u003e\u003cul\u003e\n\u003c/ul\u003e\n\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\n\nImpact:\u00a0Username enumeration \u2192 credential brute force risk.\nAttack Vector:\u00a0Remote, unauthenticated.\nSeverity:\u00a0Important.\nCVSSv3:\u00a08.1 (High).\n\nAcknowledgments:\u00a0Reported by the National Security Agency.\n\nAffected Products:VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\n\nNSX-T 3.x\nVMware Cloud Foundation (with NSX) 5.x, 4.5.x\n\nFixed Versions: NSX 9.0.1.0;  4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\nWorkarounds: None."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-50",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-50 Password Recovery Exploitation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-640",
              "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T18:45:16.614Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Weak password recovery vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2025-41251",
    "datePublished": "2025-09-29T18:45:16.614Z",
    "dateReserved": "2025-04-16T09:30:25.625Z",
    "dateUpdated": "2025-09-30T03:55:13.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-41251\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2025-09-29T19:15:35.157\",\"lastModified\":\"2025-09-29T19:34:10.030\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\\n\\nImpact:\u00a0Username enumeration \u2192 credential brute force risk.\\nAttack Vector:\u00a0Remote, unauthenticated.\\nSeverity:\u00a0Important.\\nCVSSv3:\u00a08.1 (High).\\n\\nAcknowledgments:\u00a0Reported by the National Security Agency.\\n\\nAffected Products:VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\\n\\nNSX-T 3.x\\nVMware Cloud Foundation (with NSX) 5.x, 4.5.x\\n\\nFixed Versions: NSX 9.0.1.0;  4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\\nWorkarounds: None.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-640\"}]}],\"references\":[{\"url\":\"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150\",\"source\":\"security@vmware.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-41251\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-29T18:57:21.875008Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-29T18:57:27.004Z\"}}], \"cna\": {\"title\": \"Weak password recovery vulnerability\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-50\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-50 Password Recovery Exploitation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"vmware\", \"product\": \"NSX\", \"versions\": [{\"status\": \"affected\", \"version\": \"VMware NSX - 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"VMware NSX-T - 3.x\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"VMware Cloud Foundation (with NSX) - 5.x, 4.5.x\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-09-29T18:26:00.000Z\", \"references\": [{\"url\": \"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\\n\\nImpact:\\u00a0Username enumeration \\u2192 credential brute force risk.\\nAttack Vector:\\u00a0Remote, unauthenticated.\\nSeverity:\\u00a0Important.\\nCVSSv3:\\u00a08.1 (High).\\n\\nAcknowledgments:\\u00a0Reported by the National Security Agency.\\n\\nAffected Products:VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\\n\\nNSX-T 3.x\\nVMware Cloud Foundation (with NSX) 5.x, 4.5.x\\n\\nFixed Versions: NSX 9.0.1.0;  4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\\nWorkarounds: None.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\u003cbr\u003e\u003cb\u003e\u003cbr\u003eImpact:\u003c/b\u003e\u0026nbsp;Username enumeration \\u2192 credential brute force risk.\u003cbr\u003e\u003cb\u003eAttack Vector:\u003c/b\u003e\u0026nbsp;Remote, unauthenticated.\u003cbr\u003e\u003cb\u003eSeverity:\u003c/b\u003e\u0026nbsp;Important.\u003cbr\u003e\u003cb\u003eCVSSv3:\u003c/b\u003e\u0026nbsp;8.1 (High).\u003cbr\u003e\u003cb\u003e\u003cbr\u003eAcknowledgments:\u003c/b\u003e\u0026nbsp;Reported by the National Security Agency.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eAffected Products:\u003c/b\u003e\u003cp\u003eVMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\u003c/p\u003eNSX-T 3.x\u003cbr\u003eVMware Cloud Foundation (with NSX) 5.x, 4.5.x\u003cbr\u003e\u003cbr\u003e\u003cb\u003eFixed Versions:\u003c/b\u003e NSX 9.0.1.0; \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"http://4.2.2.2/4.2.3.1\\\"\u003e4.2.2.2/4.2.3.1\u003c/a\u003e; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\u003cbr\u003e\u003cb\u003eWorkarounds:\u003c/b\u003e None.\u003cbr\u003e\u003cul\u003e\\n\u003c/ul\u003e\\n\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-640\", \"description\": \"CWE-640 Weak Password Recovery Mechanism for Forgotten Password\"}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2025-09-29T18:45:16.614Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-41251\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-30T03:55:13.262Z\", \"dateReserved\": \"2025-04-16T09:30:25.625Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2025-09-29T18:45:16.614Z\", \"assignerShortName\": \"vmware\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

cnvd-2025-23111

Vulnerability from cnvd

Title

VMware NSX弱密码恢复机制漏洞

Description

VMware NSX是VMware Cloud Foundation 内的网络虚拟化解决方案，使管理员能够在私有/混合云中部署传统和现代应用程序。VMware Cloud Foundation是美国威睿（VMware）公司的一套一体化混合云平台。该平台包括运维自动化、基础架构自动配置和集成式生命周期管理等功能。 VMware NSX存在弱密码恢复机制漏洞，攻击者可利用该漏洞枚举有效用户名，然后利用这些用户名进行暴力攻击。

Severity

高

Patch Name

VMware NSX弱密码恢复机制漏洞的补丁

Patch Description

Formal description

厂商已提供漏洞修复方案，请及时关注厂商更新： https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-41251

Impacted products

Name
['VMware NSX 4.2.x', 'VMware NSX 4.1.x', 'VMware NSX 4.0.x', 'VMware NSX 9.x.x.x', 'VMWare NSX-T 3.x', 'VMware VMware Cloud Foundation (with NSX) 5.x', 'VMware VMware Cloud Foundation (with NSX) 4.5.x']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-41251"
    }
  },
  "description": "VMware NSX\u662fVMware Cloud Foundation \u5185\u7684\u7f51\u7edc\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u4f7f\u7ba1\u7406\u5458\u80fd\u591f\u5728\u79c1\u6709/\u6df7\u5408\u4e91\u4e2d\u90e8\u7f72\u4f20\u7edf\u548c\u73b0\u4ee3\u5e94\u7528\u7a0b\u5e8f\u3002VMware Cloud Foundation\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e00\u4f53\u5316\u6df7\u5408\u4e91\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ec\u8fd0\u7ef4\u81ea\u52a8\u5316\u3001\u57fa\u7840\u67b6\u6784\u81ea\u52a8\u914d\u7f6e\u548c\u96c6\u6210\u5f0f\u751f\u547d\u5468\u671f\u7ba1\u7406\u7b49\u529f\u80fd\u3002 \n\nVMware NSX\u5b58\u5728\u5f31\u5bc6\u7801\u6062\u590d\u673a\u5236\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u679a\u4e3e\u6709\u6548\u7528\u6237\u540d\uff0c\u7136\u540e\u5229\u7528\u8fd9\u4e9b\u7528\u6237\u540d\u8fdb\u884c\u66b4\u529b\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u5382\u5546\u66f4\u65b0\uff1a\r\nhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-23111",
  "openTime": "2025-10-01",
  "patchDescription": "VMware NSX\u662fVMware Cloud Foundation \u5185\u7684\u7f51\u7edc\u865a\u62df\u5316\u89e3\u51b3\u65b9\u6848\uff0c\u4f7f\u7ba1\u7406\u5458\u80fd\u591f\u5728\u79c1\u6709/\u6df7\u5408\u4e91\u4e2d\u90e8\u7f72\u4f20\u7edf\u548c\u73b0\u4ee3\u5e94\u7528\u7a0b\u5e8f\u3002VMware Cloud Foundation\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e00\u4f53\u5316\u6df7\u5408\u4e91\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ec\u8fd0\u7ef4\u81ea\u52a8\u5316\u3001\u57fa\u7840\u67b6\u6784\u81ea\u52a8\u914d\u7f6e\u548c\u96c6\u6210\u5f0f\u751f\u547d\u5468\u671f\u7ba1\u7406\u7b49\u529f\u80fd\u3002 \r\n\r\nVMware NSX\u5b58\u5728\u5f31\u5bc6\u7801\u6062\u590d\u673a\u5236\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u679a\u4e3e\u6709\u6548\u7528\u6237\u540d\uff0c\u7136\u540e\u5229\u7528\u8fd9\u4e9b\u7528\u6237\u540d\u8fdb\u884c\u66b4\u529b\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware NSX\u5f31\u5bc6\u7801\u6062\u590d\u673a\u5236\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMware NSX 4.2.x",
      "VMware NSX 4.1.x",
      "VMware NSX 4.0.x",
      "VMware NSX 9.x.x.x",
      "VMWare NSX-T 3.x",
      "VMware VMware Cloud Foundation (with NSX)  5.x",
      "VMware VMware Cloud Foundation (with NSX)  4.5.x"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-41251",
  "serverity": "\u9ad8",
  "submitTime": "2025-10-01",
  "title": "VMware NSX\u5f31\u5bc6\u7801\u6062\u590d\u673a\u5236\u6f0f\u6d1e"
}

CERTFR-2025-AVI-0832

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Cloud Foundation	Cloud Foundation versions 4.5.x avec vCenter versions 7.x antérieures à 7.0 U3w
VMware	Telco Cloud Platform	Telco Cloud Platform versions 5.x, 4.x, 3.x et 2.x sans les recommandations des articles KB411508 et KB411518
VMware	NSX	NSX versions 4.2.2.x antérieures à 4.2.2.2
VMware	Telco Cloud Infrastructure	Telco Cloud Infrastructure versions 3.x et 2.x sans les recommandations des articles KB411508 et KB411518
VMware	Cloud Foundation	Cloud Foundation versions 5.x antérieures à 5.2.2
VMware	NSX	NSX versions 4.2.3.x antérieures à 4.2.3.1
VMware	NSX	NSX-T versions 3.x antérieures à 3.2.4.3
VMware	Cloud Foundation	Cloud Foundation versions 9.x antérieures à 9.0.1.0
VMware	vCenter Server	vCenter versions 7.x antérieures à 7.0 U3w
VMware	vSphere Foundation	vSphere Foundation versions 13.x antérieures à 13.0.5.0
VMware	vCenter Server	vCenter versions 8.x antérieures à 8.0 U3g
VMware	Telco Cloud Platform	Telco Cloud Platform versions 5.x et 4.x avec Aria Operations versions 8.x antérieures à 8.18.5
VMware	vSphere Foundation	vSphere Foundation versions 9.x antérieures à 9.0.1.0
VMware	Cloud Foundation	Cloud Foundation versions 13.x antérieures à 13.0.5.0
VMware	VMware Tools	VMware Tools versions 13.x antérieures à 13.0.5
VMware	Cloud Foundation	Cloud Foundation versions 5.x et 4.x sans les recommandations des articles KB92148 et KB88287
VMware	Telco Cloud Infrastructure	Telco Cloud Infrastructure versions 3.x et 2.x avec Aria Operations versions 8.x antérieures à 8.18.5
VMware	NSX	NSX versions 4.0.x et 4.1.x antérieures à 4.1.2.7
VMware	Aria Operations	Aria Operations versions 8.x antérieures à 8.18.5
VMware	VMware Tools	VMware Tools versions 11.x et 12.x antérieures à 12.5.4

References

Title

Publication Time

fkie_cve-2025-41251

Vulnerability from fkie_nvd

Published

2025-09-29 19:15

Modified

2025-09-29 19:34

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security@vmware.com	https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\n\nImpact:\u00a0Username enumeration \u2192 credential brute force risk.\nAttack Vector:\u00a0Remote, unauthenticated.\nSeverity:\u00a0Important.\nCVSSv3:\u00a08.1 (High).\n\nAcknowledgments:\u00a0Reported by the National Security Agency.\n\nAffected Products:VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\n\nNSX-T 3.x\nVMware Cloud Foundation (with NSX) 5.x, 4.5.x\n\nFixed Versions: NSX 9.0.1.0;  4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\nWorkarounds: None."
    }
  ],
  "id": "CVE-2025-41251",
  "lastModified": "2025-09-29T19:34:10.030",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "security@vmware.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-29T19:15:35.157",
  "references": [
    {
      "source": "security@vmware.com",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-640"
        }
      ],
      "source": "security@vmware.com",
      "type": "Secondary"
    }
  ]
}

ghsa-5vpj-22hp-chfg

Vulnerability from github

Published

2025-09-29 21:30

Modified

2025-09-29 21:30

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.

Impact: Username enumeration → credential brute force risk. Attack Vector: Remote, unauthenticated. Severity: Important. CVSSv3: 8.1 (High).

Acknowledgments: Reported by the National Security Agency.

Affected Products:VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x

NSX-T 3.x VMware Cloud Foundation (with NSX) 5.x, 4.5.x

Fixed Versions: NSX 9.0.1.0; 4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287). Workarounds: None.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-41251"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-29T19:15:35Z",
    "severity": "HIGH"
  },
  "details": "VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\n\nImpact:\u00a0Username enumeration \u2192 credential brute force risk.\nAttack Vector:\u00a0Remote, unauthenticated.\nSeverity:\u00a0Important.\nCVSSv3:\u00a08.1 (High).\n\nAcknowledgments:\u00a0Reported by the National Security Agency.\n\nAffected Products:VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\n\nNSX-T 3.x\nVMware Cloud Foundation (with NSX) 5.x, 4.5.x\n\nFixed Versions: NSX 9.0.1.0;  4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\nWorkarounds: None.",
  "id": "GHSA-5vpj-22hp-chfg",
  "modified": "2025-09-29T21:30:26Z",
  "published": "2025-09-29T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41251"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

ncsc-2025-0301

Vulnerability from csaf_ncscnl

Published

2025-09-30 08:29

Modified

2025-09-30 08:29

Summary

Kwetsbaarheden verholpen in VMware NSX

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

VMware heeft kwetsbaarheden verholpen in VMware NSX

Interpretaties

De kwetsbaarheden in VMware NSX omvatten een zwak wachtwoordherstelmechanisme dat ongeauthenticeerde aanvallers in staat stelt om geldige gebruikersnamen te enumereren, wat kan leiden tot potentiële brute-force aanvallen op inloggegevens. Daarnaast is er een kwetsbaarheid voor gebruikersnaam enumeratie die ongeauthenticeerde aanvallers in staat stelt om geldige gebruikersnamen te identificeren, wat kan resulteren in ongeautoriseerde toegang tot het systeem.

Oplossingen

VMware heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-203

Observable Discrepancy

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "VMware heeft kwetsbaarheden verholpen in VMware NSX",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden in VMware NSX omvatten een zwak wachtwoordherstelmechanisme dat ongeauthenticeerde aanvallers in staat stelt om geldige gebruikersnamen te enumereren, wat kan leiden tot potenti\u00eble brute-force aanvallen op inloggegevens. Daarnaast is er een kwetsbaarheid voor gebruikersnaam enumeratie die ongeauthenticeerde aanvallers in staat stelt om geldige gebruikersnamen te identificeren, wat kan resulteren in ongeautoriseerde toegang tot het systeem. ",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "VMware heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
        "title": "CWE-77"
      },
      {
        "category": "general",
        "text": "Observable Discrepancy",
        "title": "CWE-203"
      },
      {
        "category": "general",
        "text": "Weak Password Recovery Mechanism for Forgotten Password",
        "title": "CWE-640"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
      }
    ],
    "title": "Kwetsbaarheden verholpen in VMware NSX",
    "tracking": {
      "current_release_date": "2025-09-30T08:29:24.969885Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0301",
      "initial_release_date": "2025-09-30T08:29:24.969885Z",
      "revision_history": [
        {
          "date": "2025-09-30T08:29:24.969885Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "NSX"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "NSX-T"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "vCenter"
          }
        ],
        "category": "vendor",
        "name": "VMware"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-41250",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "title": "CWE-77"
        },
        {
          "category": "description",
          "text": "VMware vCenter has an SMTP header injection vulnerability that allows non-administrative users with scheduled task permissions to manipulate notification emails.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41250 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41250.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-41250"
    },
    {
      "cve": "CVE-2025-41251",
      "cwe": {
        "id": "CWE-640",
        "name": "Weak Password Recovery Mechanism for Forgotten Password"
      },
      "notes": [
        {
          "category": "other",
          "text": "Weak Password Recovery Mechanism for Forgotten Password",
          "title": "CWE-640"
        },
        {
          "category": "description",
          "text": "VMware NSX has a high-severity vulnerability (8.1) in its password recovery mechanism, allowing unauthenticated attackers to enumerate valid usernames, increasing the risk of credential brute-force attacks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41251 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41251.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-41251"
    },
    {
      "cve": "CVE-2025-41252",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "notes": [
        {
          "category": "other",
          "text": "Observable Discrepancy",
          "title": "CWE-203"
        },
        {
          "category": "description",
          "text": "VMware NSX has a high-severity username enumeration vulnerability that allows unauthenticated attackers to identify valid usernames, potentially leading to unauthorized access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41252 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41252.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-41252"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-41251 (GCVE-0-2025-41251)

Vulnerability from cvelistv5

cnvd-2025-23111

Vulnerability from cnvd

CERTFR-2025-AVI-0832

Vulnerability from certfr_avis

Solutions

fkie_cve-2025-41251

Vulnerability from fkie_nvd

ghsa-5vpj-22hp-chfg

Vulnerability from github

ncsc-2025-0301

Vulnerability from csaf_ncscnl

Tags

Sightings

Nomenclature