6.8
CVE-2025-41226
- EPSS 0.07%
- Published 20.05.2025 14:24:24
- Last modified 21.05.2025 20:25:16
- Source security@vmware.com
- Teams watchlist Login
- Open Login
VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to create a denial-of-service condition of guest VMs with VMware Tools running and guest operations enabled.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorVMware
≫
Product
ESXi
Default Statusunaffected
Version <
ESXi80U3se-24659227
Version
8.0
Status
affected
Version <
ESXi70U3sv-24723868
Version
7.0
Status
affected
VendorVMware
≫
Product
Cloud Foundation
Default Statusunaffected
Version
5.x, 4.5.x
Status
affected
VendorVMware
≫
Product
Telco Cloud Platform
Default Statusunaffected
Version
5.x, 4.x, 3.x, 2.x
Status
affected
VendorVMware
≫
Product
Telco Cloud Infrastructure
Default Statusunaffected
Version
3.x, 2.x
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.212 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| security@vmware.com | 6.8 | 2.3 | 4 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.