CVE-2025-41241

EPSS 0.1%
Veröffentlicht 29.07.2025 12:25:55
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle security@vmware.com
CVE-Watchlists
Login
Unerledigt
Login

Denial-of-service vulnerability

VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 4 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerVMware

≫

Produkt vCenter

Default Statusunaffected

Version 8.0

Version < 8.0 U3g

Status affected

Version 7.0

Version < 7.0 U3v

Status affected

HerstellerVMware

≫

Produkt Cloud Foundation

Default Statusunaffected

Version 5.x, 4.5.x

Status affected

HerstellerVMware

≫

Produkt Telco Cloud Platform

Default Statusunaffected

Version 5.x, 2.x

Status affected

HerstellerVMware

≫

Produkt Telco Cloud Infrastructure

Default Statusunaffected

Version 2.x

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.275

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@vmware.com	4.4	0.7	3.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35964

https://nvd.nist.gov/vuln/detail/CVE-2025-41241

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-41241

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-41241

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-41241