CVE-2025-41250NVD

Vulnerability Summary

VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.

Severity Level

HIGH(8.5)

Published Date

Sep 29, 2025

Last Modified

Sep 29, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-77: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeChanged

ConfidentialityNone

IntegrityHigh

AvailabilityLow

External References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150