Broadcom has released patches for three vulnerabilities affecting VMware vCenter Server and VMware NSX, with severities rated Important. The flaws—CVE-2025-41250, CVE-2025-41251, and CVE-2025-41252—could enable attackers to manipulate system notifications or enumerate usernames, increasing the risk of brute-force or unauthorized access attempts.
CVE-2025-41250 – SMTP Header Injection in vCenter (CVSS 8.5)
Broadcom explains: “VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.”
Exploitation requires a non-administrative vCenter account that holds permission to create scheduled tasks; with that, the notification emails sent for those tasks can be manipulated. No workarounds exist, and Broadcom has issued fixes in vCenter 9.0.1.0, 8.0 U3g, and 7.0 U3w.
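As an added illustration of the header-injection class this CVE belongs to (example code, not Broadcom's or the advisory's), the snippet below shows a notification builder that concatenates a user-supplied value into the Subject header beside one that rejects CR/LF before folding. The scheduled-task name as the injectable field, and all addresses, are constructed assumptions; the advisory does not say which attribute is affected.

```python
import re

# Constructed sample input: a scheduled-task name as a user might submit it.
# That the task name reaches the Subject header is an assumption for illustration.
CLEAN_TASK_NAME = "Weekly snapshot cleanup"
INJECTED_TASK_NAME = "Weekly snapshot cleanup\r\nBcc: attacker@example.invalid"

_CRLF = re.compile(r"[\r\n]")


def build_headers_naive(task_name: str, to_addr: str) -> str:
    """Vulnerable pattern: the value is concatenated straight into the header
    block, so a CR/LF inside it terminates Subject and starts a new header."""
    return (
        "From: vcenter@example.invalid\r\n"
        f"To: {to_addr}\r\n"
        f"Subject: Scheduled task completed: {task_name}\r\n"
    )


def build_headers_hardened(task_name: str, to_addr: str) -> str:
    """Hardened pattern: refuse any header value containing CR or LF.
    Raises ValueError instead of emitting a header block."""
    for value in (task_name, to_addr):
        if _CRLF.search(value):
            raise ValueError("header value must not contain CR or LF")
    return build_headers_naive(task_name, to_addr)


def parse_headers(raw: str) -> dict[str, str]:
    """Split a CRLF-terminated header block into a lower-cased name -> value
    map, so the effect of an injected line can be inspected or alerted on."""
    headers: dict[str, str] = {}
    for line in raw.split("\r\n"):
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def has_unexpected_headers(raw: str, allowed: frozenset[str]) -> bool:
    """Detection helper: True if the block carries any header outside the
    set the notification template is expected to produce."""
    return bool(set(parse_headers(raw)) - allowed)


EXPECTED = frozenset({"from", "to", "subject"})
```

Running `has_unexpected_headers(build_headers_naive(INJECTED_TASK_NAME, "ops@example.invalid"), EXPECTED)` returns True, while the hardened builder raises before any message is produced.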
CVE-2025-41251 – Weak Password Recovery in NSX (CVSS 8.1)
A second flaw impacts VMware NSX. The advisory notes: “VMware NSX contains a weak password recovery mechanism vulnerability.”
This bug allows an unauthenticated attacker to enumerate valid usernames, which could then be used in brute-force attempts. Updates are available in NSX 9.0.1.0, 4.2.2.2, 4.2.3.1, and 4.1.2.7.
CVE-2025-41252 – Username Enumeration in NSX (CVSS 7.5)
The third flaw also affects NSX and is closely related. According to Broadcom, “VMware NSX contains a username enumeration vulnerability… An unauthenticated malicious actor may exploit this vulnerability to enumerate valid usernames, potentially leading to unauthorized access attempts.”
Fixes are included alongside those for CVE-2025-41251.
Affected Products
The advisory confirms that the following are impacted:
- VMware vCenter Server (7.0, 8.0, 9.x)
- VMware NSX (3.x, 4.x, 5.x, 9.x)
- VMware Cloud Foundation
- VMware vSphere Foundation
- VMware Telco Cloud Platform
- VMware Telco Cloud Infrastructure
Mitigation
Broadcom stresses that no workarounds exist, and organizations should apply the patches immediately. Customers can reference KB88287 and KB411508 for async patching guidance.