CVE-2025-41252

Medienbericht

EPSS 0.07%
Veröffentlicht 29.09.2025 19:15:35
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle security@vmware.com
CVE-Watchlists
Login
Unerledigt
Login

Username enumeration vulnerability

Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.


Impact: Username enumeration → facilitates unauthorized access.


Attack Vector: Remote, unauthenticated.


Severity: Important.


CVSSv3: 7.5 (High).


Acknowledgments: Reported by the National Security Agency.


Affected Products:



  *  VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x

  *  NSX-T 3.x

  *  VMware Cloud Foundation (with NSX) 5.x, 4.5.x












Fixed Versions: 



  *  NSX 9.0.1.0;  4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).






Workarounds: None.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 1 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerVMware

≫

Produkt NSX

Default Statusunaffected

Version VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x

Status affected

Version VMware NSX-T 3.x

Status affected

Version VMware Cloud Foundation (with NSX) 5.x, 4.5.x

Status affected

Version VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.206

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@vmware.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

https://www.heise.de/news/Verschiedene-Attacken-auf-VMware-vCenter-NSX-Co-moeglich-10688819.html

Media Report

https://https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

https://nvd.nist.gov/vuln/detail/CVE-2025-41252

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-41252

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-41252

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-41252