7.5

CVE-2025-41252

Media report

Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.


Impact: Username enumeration → facilitates unauthorized access.


Attack Vector: Remote, unauthenticated.


Severity: Important.


CVSSv3: 7.5 (High).


Acknowledgments: Reported by the National Security Agency.


Affected Products:



  *  VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x

  *  NSX-T 3.x

  *  VMware Cloud Foundation (with NSX) 5.x, 4.5.x












Fixed Versions: 



  *  NSX 9.0.1.0;  4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).






Workarounds: None.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorVMware
Product NSX
Default Statusunaffected
Version VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x
Status affected
Version VMware NSX-T 3.x
Status affected
Version VMware Cloud Foundation (with NSX) 5.x, 4.5.x
Status affected
Version VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.179
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
security@vmware.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.