cvelistv5 - cve-2025-41252

CVE-2025-41252 (GCVE-0-2025-41252)

Vulnerability from cvelistv5

Published

2025-09-29 19:02

Modified

2025-09-29 19:14

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-203 - Observable Discrepancy

Summary

Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts. Impact: Username enumeration → facilitates unauthorized access. Attack Vector: Remote, unauthenticated. Severity: Important. CVSSv3: 7.5 (High). Acknowledgments: Reported by the National Security Agency. Affected Products: * VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x * NSX-T 3.x * VMware Cloud Foundation (with NSX) 5.x, 4.5.x Fixed Versions: * NSX 9.0.1.0; 4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287). Workarounds: None.

References

URL

Tags

security@vmware.com

https://https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

Impacted products

	Vendor	Product	Version
	VMware	NSX	Version: VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x < Version: VMware NSX-T 3.x < Version: VMware Cloud Foundation (with NSX) 5.x, 4.5.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41252",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-29T19:14:25.259914Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-29T19:14:38.914Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NSX",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "VMware NSX-T 3.x",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "VMware Cloud Foundation (with NSX) 5.x, 4.5.x"
            },
            {
              "status": "unaffected",
              "version": "VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\u003cp\u003eDescription: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.\u003c/p\u003e\n\u003cp\u003eImpact: Username enumeration \u2192 facilitates unauthorized access.\u003c/p\u003e\n\u003cp\u003eAttack Vector: Remote, unauthenticated.\u003c/p\u003e\n\u003cp\u003eSeverity: Important.\u003c/p\u003e\n\u003cp\u003eCVSSv3: 7.5 (High).\u003c/p\u003e\n\u003cp\u003eAcknowledgments: Reported by the National Security Agency.\u003c/p\u003e\n\u003cp\u003eAffected Products:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eVMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\u003cbr\u003e\u003c/li\u003e\u003cli\u003eNSX-T 3.x\u003cbr\u003e\u003c/li\u003e\u003cli\u003eVMware Cloud Foundation (with NSX) 5.x, 4.5.x\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n\n\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\n\u003cp\u003eFixed Versions:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eNSX 9.0.1.0; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://4.2.2.2/4.2.3.1\"\u003e4.2.2.2/4.2.3.1\u003c/a\u003e; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\u003cp\u003eWorkarounds: None.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.\n\n\nImpact: Username enumeration \u2192 facilitates unauthorized access.\n\n\nAttack Vector: Remote, unauthenticated.\n\n\nSeverity: Important.\n\n\nCVSSv3: 7.5 (High).\n\n\nAcknowledgments: Reported by the National Security Agency.\n\n\nAffected Products:\n\n\n\n  *  VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\n\n  *  NSX-T 3.x\n\n  *  VMware Cloud Foundation (with NSX) 5.x, 4.5.x\n\n\n\n\n\n\n\n\n\n\n\n\nFixed Versions:\u00a0\n\n\n\n  *  NSX 9.0.1.0;  4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\n\n\n\n\n\n\nWorkarounds: None."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203 Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T19:02:07.283Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Username enumeration vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2025-41252",
    "datePublished": "2025-09-29T19:02:07.283Z",
    "dateReserved": "2025-04-16T09:30:25.625Z",
    "dateUpdated": "2025-09-29T19:14:38.914Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-41252\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2025-09-29T19:15:35.317\",\"lastModified\":\"2025-09-29T19:34:10.030\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.\\n\\n\\nImpact: Username enumeration \u2192 facilitates unauthorized access.\\n\\n\\nAttack Vector: Remote, unauthenticated.\\n\\n\\nSeverity: Important.\\n\\n\\nCVSSv3: 7.5 (High).\\n\\n\\nAcknowledgments: Reported by the National Security Agency.\\n\\n\\nAffected Products:\\n\\n\\n\\n  *  VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\\n\\n  *  NSX-T 3.x\\n\\n  *  VMware Cloud Foundation (with NSX) 5.x, 4.5.x\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\nFixed Versions:\u00a0\\n\\n\\n\\n  *  NSX 9.0.1.0;  4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\\n\\n\\n\\n\\n\\n\\nWorkarounds: None.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"references\":[{\"url\":\"https://https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150\",\"source\":\"security@vmware.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-41252\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-29T19:14:25.259914Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-29T19:14:30.473Z\"}}], \"cna\": {\"title\": \"Username enumeration vulnerability\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"VMware\", \"product\": \"NSX\", \"versions\": [{\"status\": \"affected\", \"version\": \"VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"VMware NSX-T 3.x\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"VMware Cloud Foundation (with NSX) 5.x, 4.5.x\"}, {\"status\": \"unaffected\", \"version\": \"VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.\\n\\n\\nImpact: Username enumeration \\u2192 facilitates unauthorized access.\\n\\n\\nAttack Vector: Remote, unauthenticated.\\n\\n\\nSeverity: Important.\\n\\n\\nCVSSv3: 7.5 (High).\\n\\n\\nAcknowledgments: Reported by the National Security Agency.\\n\\n\\nAffected Products:\\n\\n\\n\\n  *  VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\\n\\n  *  NSX-T 3.x\\n\\n  *  VMware Cloud Foundation (with NSX) 5.x, 4.5.x\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\nFixed Versions:\\u00a0\\n\\n\\n\\n  *  NSX 9.0.1.0;  4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\\n\\n\\n\\n\\n\\n\\nWorkarounds: None.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\u003cp\u003eDescription: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.\u003c/p\u003e\\n\u003cp\u003eImpact: Username enumeration \\u2192 facilitates unauthorized access.\u003c/p\u003e\\n\u003cp\u003eAttack Vector: Remote, unauthenticated.\u003c/p\u003e\\n\u003cp\u003eSeverity: Important.\u003c/p\u003e\\n\u003cp\u003eCVSSv3: 7.5 (High).\u003c/p\u003e\\n\u003cp\u003eAcknowledgments: Reported by the National Security Agency.\u003c/p\u003e\\n\u003cp\u003eAffected Products:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eVMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\u003cbr\u003e\u003c/li\u003e\u003cli\u003eNSX-T 3.x\u003cbr\u003e\u003c/li\u003e\u003cli\u003eVMware Cloud Foundation (with NSX) 5.x, 4.5.x\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\\n\\n\\n\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\\n\u003cp\u003eFixed Versions:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eNSX 9.0.1.0; \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"http://4.2.2.2/4.2.3.1\\\"\u003e4.2.2.2/4.2.3.1\u003c/a\u003e; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\\n\u003cp\u003eWorkarounds: None.\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-203\", \"description\": \"CWE-203 Observable Discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2025-09-29T19:02:07.283Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-41252\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-29T19:14:38.914Z\", \"dateReserved\": \"2025-04-16T09:30:25.625Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2025-09-29T19:02:07.283Z\", \"assignerShortName\": \"vmware\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

cnvd-2025-23110

Vulnerability from cnvd

Title

VMware Cloud Foundation和VMware NSX用户名枚举漏洞

Description

VMware Cloud Foundation和VMware NSX都是美国威睿（VMware）公司的产品。VMware Cloud Foundation是一套一体化混合云平台。该平台包括运维自动化、基础架构自动配置和集成式生命周期管理等功能。VMware NSX是一个完整的 L2-L7 网络和安全虚拟化平台。为虚机提供了虚拟化的网络，把虚机和物理网络相隔离，做到了网络服务与具体的物理网络设备无关，使得用户在网络设备的选择和采购上有着更大的灵活性。 VMware Cloud Foundation和VMware NSX存在用户名枚举漏洞，攻击者可利用该漏洞导致未经授权的访问尝试。

Severity

高

Patch Name

VMware Cloud Foundation和VMware NSX用户名枚举漏洞的补丁

Patch Description

Formal description

厂商已提供漏洞修复方案，请及时关注厂商更新： https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-41252

Impacted products

Name
['VMware NSX 4.2.x', 'VMware NSX 4.1.x', 'VMware NSX 4.0.x', 'VMware NSX 9.x.x.x', 'VMWare NSX-T 3.x', 'VMware VMware Cloud Foundation (with NSX) 5.x', 'VMware VMware Cloud Foundation (with NSX) 4.5.x']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-41252"
    }
  },
  "description": "VMware Cloud Foundation\u548cVMware NSX\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002VMware Cloud Foundation\u662f\u4e00\u5957\u4e00\u4f53\u5316\u6df7\u5408\u4e91\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ec\u8fd0\u7ef4\u81ea\u52a8\u5316\u3001\u57fa\u7840\u67b6\u6784\u81ea\u52a8\u914d\u7f6e\u548c\u96c6\u6210\u5f0f\u751f\u547d\u5468\u671f\u7ba1\u7406\u7b49\u529f\u80fd\u3002VMware NSX\u662f\u4e00\u4e2a\u5b8c\u6574\u7684 L2-L7 \u7f51\u7edc\u548c\u5b89\u5168\u865a\u62df\u5316\u5e73\u53f0\u3002\u4e3a\u865a\u673a\u63d0\u4f9b\u4e86\u865a\u62df\u5316\u7684\u7f51\u7edc\uff0c\u628a\u865a\u673a\u548c\u7269\u7406\u7f51\u7edc\u76f8\u9694\u79bb\uff0c\u505a\u5230\u4e86\u7f51\u7edc\u670d\u52a1\u4e0e\u5177\u4f53\u7684\u7269\u7406\u7f51\u7edc\u8bbe\u5907\u65e0\u5173\uff0c\u4f7f\u5f97\u7528\u6237\u5728\u7f51\u7edc\u8bbe\u5907\u7684\u9009\u62e9\u548c\u91c7\u8d2d\u4e0a\u6709\u7740\u66f4\u5927\u7684\u7075\u6d3b\u6027\u3002\n\nVMware Cloud Foundation\u548cVMware NSX\u5b58\u5728\u7528\u6237\u540d\u679a\u4e3e\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u5c1d\u8bd5\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u5382\u5546\u66f4\u65b0\uff1a\r\nhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-23110",
  "openTime": "2025-10-01",
  "patchDescription": "VMware Cloud Foundation\u548cVMware NSX\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002VMware Cloud Foundation\u662f\u4e00\u5957\u4e00\u4f53\u5316\u6df7\u5408\u4e91\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ec\u8fd0\u7ef4\u81ea\u52a8\u5316\u3001\u57fa\u7840\u67b6\u6784\u81ea\u52a8\u914d\u7f6e\u548c\u96c6\u6210\u5f0f\u751f\u547d\u5468\u671f\u7ba1\u7406\u7b49\u529f\u80fd\u3002VMware NSX\u662f\u4e00\u4e2a\u5b8c\u6574\u7684 L2-L7 \u7f51\u7edc\u548c\u5b89\u5168\u865a\u62df\u5316\u5e73\u53f0\u3002\u4e3a\u865a\u673a\u63d0\u4f9b\u4e86\u865a\u62df\u5316\u7684\u7f51\u7edc\uff0c\u628a\u865a\u673a\u548c\u7269\u7406\u7f51\u7edc\u76f8\u9694\u79bb\uff0c\u505a\u5230\u4e86\u7f51\u7edc\u670d\u52a1\u4e0e\u5177\u4f53\u7684\u7269\u7406\u7f51\u7edc\u8bbe\u5907\u65e0\u5173\uff0c\u4f7f\u5f97\u7528\u6237\u5728\u7f51\u7edc\u8bbe\u5907\u7684\u9009\u62e9\u548c\u91c7\u8d2d\u4e0a\u6709\u7740\u66f4\u5927\u7684\u7075\u6d3b\u6027\u3002\r\n\r\nVMware Cloud Foundation\u548cVMware NSX\u5b58\u5728\u7528\u6237\u540d\u679a\u4e3e\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u5c1d\u8bd5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware Cloud Foundation\u548cVMware NSX\u7528\u6237\u540d\u679a\u4e3e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMware NSX 4.2.x",
      "VMware NSX 4.1.x",
      "VMware NSX 4.0.x",
      "VMware NSX 9.x.x.x",
      "VMWare NSX-T 3.x",
      "VMware VMware Cloud Foundation (with NSX)  5.x",
      "VMware VMware Cloud Foundation (with NSX)  4.5.x"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-41252",
  "serverity": "\u9ad8",
  "submitTime": "2025-10-01",
  "title": "VMware Cloud Foundation\u548cVMware NSX\u7528\u6237\u540d\u679a\u4e3e\u6f0f\u6d1e"
}

ghsa-2gr4-4mrg-85rh

Vulnerability from github

Published

2025-09-29 21:30

Modified

2025-09-29 21:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Impact: Username enumeration → facilitates unauthorized access.

Attack Vector: Remote, unauthenticated.

Severity: Important.

CVSSv3: 7.5 (High).

Acknowledgments: Reported by the National Security Agency.

Affected Products:

VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x
NSX-T 3.x
VMware Cloud Foundation (with NSX) 5.x, 4.5.x

Fixed Versions:

NSX 9.0.1.0; 4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).

Workarounds: None.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-41252"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-29T19:15:35Z",
    "severity": "HIGH"
  },
  "details": "Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.\n\n\nImpact: Username enumeration \u2192 facilitates unauthorized access.\n\n\nAttack Vector: Remote, unauthenticated.\n\n\nSeverity: Important.\n\n\nCVSSv3: 7.5 (High).\n\n\nAcknowledgments: Reported by the National Security Agency.\n\n\nAffected Products:\n\n\n\n  *  VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\n\n  *  NSX-T 3.x\n\n  *  VMware Cloud Foundation (with NSX) 5.x, 4.5.x\n\n\n\n\n\n\n\n\n\n\n\n\nFixed Versions:\u00a0\n\n\n\n  *  NSX 9.0.1.0;  4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\n\n\n\n\n\n\nWorkarounds: None.",
  "id": "GHSA-2gr4-4mrg-85rh",
  "modified": "2025-09-29T21:30:26Z",
  "published": "2025-09-29T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41252"
    },
    {
      "type": "WEB",
      "url": "https://https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2025-AVI-0832

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Cloud Foundation	Cloud Foundation versions 4.5.x avec vCenter versions 7.x antérieures à 7.0 U3w
VMware	Telco Cloud Platform	Telco Cloud Platform versions 5.x, 4.x, 3.x et 2.x sans les recommandations des articles KB411508 et KB411518
VMware	NSX	NSX versions 4.2.2.x antérieures à 4.2.2.2
VMware	Telco Cloud Infrastructure	Telco Cloud Infrastructure versions 3.x et 2.x sans les recommandations des articles KB411508 et KB411518
VMware	Cloud Foundation	Cloud Foundation versions 5.x antérieures à 5.2.2
VMware	NSX	NSX versions 4.2.3.x antérieures à 4.2.3.1
VMware	NSX	NSX-T versions 3.x antérieures à 3.2.4.3
VMware	Cloud Foundation	Cloud Foundation versions 9.x antérieures à 9.0.1.0
VMware	vCenter Server	vCenter versions 7.x antérieures à 7.0 U3w
VMware	vSphere Foundation	vSphere Foundation versions 13.x antérieures à 13.0.5.0
VMware	vCenter Server	vCenter versions 8.x antérieures à 8.0 U3g
VMware	Telco Cloud Platform	Telco Cloud Platform versions 5.x et 4.x avec Aria Operations versions 8.x antérieures à 8.18.5
VMware	vSphere Foundation	vSphere Foundation versions 9.x antérieures à 9.0.1.0
VMware	Cloud Foundation	Cloud Foundation versions 13.x antérieures à 13.0.5.0
VMware	VMware Tools	VMware Tools versions 13.x antérieures à 13.0.5
VMware	Cloud Foundation	Cloud Foundation versions 5.x et 4.x sans les recommandations des articles KB92148 et KB88287
VMware	Telco Cloud Infrastructure	Telco Cloud Infrastructure versions 3.x et 2.x avec Aria Operations versions 8.x antérieures à 8.18.5
VMware	NSX	NSX versions 4.0.x et 4.1.x antérieures à 4.1.2.7
VMware	Aria Operations	Aria Operations versions 8.x antérieures à 8.18.5
VMware	VMware Tools	VMware Tools versions 11.x et 12.x antérieures à 12.5.4

References

Title

Publication Time

fkie_cve-2025-41252

Vulnerability from fkie_nvd

Published

2025-09-29 19:15

Modified

2025-09-29 19:34

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	security@vmware.com	https://https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.\n\n\nImpact: Username enumeration \u2192 facilitates unauthorized access.\n\n\nAttack Vector: Remote, unauthenticated.\n\n\nSeverity: Important.\n\n\nCVSSv3: 7.5 (High).\n\n\nAcknowledgments: Reported by the National Security Agency.\n\n\nAffected Products:\n\n\n\n  *  VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\n\n  *  NSX-T 3.x\n\n  *  VMware Cloud Foundation (with NSX) 5.x, 4.5.x\n\n\n\n\n\n\n\n\n\n\n\n\nFixed Versions:\u00a0\n\n\n\n  *  NSX 9.0.1.0;  4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\n\n\n\n\n\n\nWorkarounds: None."
    }
  ],
  "id": "CVE-2025-41252",
  "lastModified": "2025-09-29T19:34:10.030",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security@vmware.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-29T19:15:35.317",
  "references": [
    {
      "source": "security@vmware.com",
      "url": "https://https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "security@vmware.com",
      "type": "Secondary"
    }
  ]
}

ncsc-2025-0301

Vulnerability from csaf_ncscnl

Published

2025-09-30 08:29

Modified

2025-09-30 08:29

Summary

Kwetsbaarheden verholpen in VMware NSX

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

VMware heeft kwetsbaarheden verholpen in VMware NSX

Interpretaties

De kwetsbaarheden in VMware NSX omvatten een zwak wachtwoordherstelmechanisme dat ongeauthenticeerde aanvallers in staat stelt om geldige gebruikersnamen te enumereren, wat kan leiden tot potentiële brute-force aanvallen op inloggegevens. Daarnaast is er een kwetsbaarheid voor gebruikersnaam enumeratie die ongeauthenticeerde aanvallers in staat stelt om geldige gebruikersnamen te identificeren, wat kan resulteren in ongeautoriseerde toegang tot het systeem.

Oplossingen

VMware heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-203

Observable Discrepancy

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "VMware heeft kwetsbaarheden verholpen in VMware NSX",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden in VMware NSX omvatten een zwak wachtwoordherstelmechanisme dat ongeauthenticeerde aanvallers in staat stelt om geldige gebruikersnamen te enumereren, wat kan leiden tot potenti\u00eble brute-force aanvallen op inloggegevens. Daarnaast is er een kwetsbaarheid voor gebruikersnaam enumeratie die ongeauthenticeerde aanvallers in staat stelt om geldige gebruikersnamen te identificeren, wat kan resulteren in ongeautoriseerde toegang tot het systeem. ",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "VMware heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
        "title": "CWE-77"
      },
      {
        "category": "general",
        "text": "Observable Discrepancy",
        "title": "CWE-203"
      },
      {
        "category": "general",
        "text": "Weak Password Recovery Mechanism for Forgotten Password",
        "title": "CWE-640"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
      }
    ],
    "title": "Kwetsbaarheden verholpen in VMware NSX",
    "tracking": {
      "current_release_date": "2025-09-30T08:29:24.969885Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0301",
      "initial_release_date": "2025-09-30T08:29:24.969885Z",
      "revision_history": [
        {
          "date": "2025-09-30T08:29:24.969885Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "NSX"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "NSX-T"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "vCenter"
          }
        ],
        "category": "vendor",
        "name": "VMware"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-41250",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "title": "CWE-77"
        },
        {
          "category": "description",
          "text": "VMware vCenter has an SMTP header injection vulnerability that allows non-administrative users with scheduled task permissions to manipulate notification emails.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41250 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41250.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-41250"
    },
    {
      "cve": "CVE-2025-41251",
      "cwe": {
        "id": "CWE-640",
        "name": "Weak Password Recovery Mechanism for Forgotten Password"
      },
      "notes": [
        {
          "category": "other",
          "text": "Weak Password Recovery Mechanism for Forgotten Password",
          "title": "CWE-640"
        },
        {
          "category": "description",
          "text": "VMware NSX has a high-severity vulnerability (8.1) in its password recovery mechanism, allowing unauthenticated attackers to enumerate valid usernames, increasing the risk of credential brute-force attacks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41251 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41251.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-41251"
    },
    {
      "cve": "CVE-2025-41252",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "notes": [
        {
          "category": "other",
          "text": "Observable Discrepancy",
          "title": "CWE-203"
        },
        {
          "category": "description",
          "text": "VMware NSX has a high-severity username enumeration vulnerability that allows unauthenticated attackers to identify valid usernames, potentially leading to unauthorized access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41252 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41252.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-41252"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-41252 (GCVE-0-2025-41252)

Vulnerability from cvelistv5

cnvd-2025-23110

Vulnerability from cnvd

ghsa-2gr4-4mrg-85rh

Vulnerability from github

CERTFR-2025-AVI-0832

Vulnerability from certfr_avis

Solutions

fkie_cve-2025-41252

Vulnerability from fkie_nvd

ncsc-2025-0301

Vulnerability from csaf_ncscnl

Tags

Sightings

Nomenclature