CVE-2025-41241

EPSS 0.07%
Published 29.07.2025 12:25:55
Last modified 29.07.2025 14:14:29
Source security@vmware.com
Teams watchlist Login
Open Login

VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorVMware

≫

Product vCenter

Default Statusunaffected

Version < 8.0 U3g

Version 8.0

Status affected

Version < 7.0 U3v

Version 7.0

Status affected

VendorVMware

≫

Product Cloud Foundation

Default Statusunaffected

Version 5.x, 4.5.x

Status affected

VendorVMware

≫

Product Telco Cloud Platform

Default Statusunaffected

Version 5.x, 2.x

Status affected

VendorVMware

≫

Product Telco Cloud Infrastructure

Default Statusunaffected

Version 2.x

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.217

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
security@vmware.com	4.4	0.7	3.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35964

https://nvd.nist.gov/vuln/detail/CVE-2025-41241

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-41241

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-41241

EUVD