
=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN651
_____________________________________________________________________

DATE                : 30/09/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware Cloud Foundation, 
                      VMware NSX, 
                      VMware Telco Cloud Infrastructure,
                      VMware Telco Cloud Platform,
                      VMware vCenter Server.

=====================================================================
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150?utm_campaign=VCF_FY25_VCF_VMSA-2025-0016_MKT_CM_4443&utm_content=VCF_FY25_VCF_VMSA-2025-0016_4443_SecurityAlert_MKT_TRANS_EM_7853&utm_medium=email&utm_source=eloqua
_____________________________________________________________________

VMSA-2025-0016: VMware vCenter and NSX updates address multiple
vulnerabilities (CVE-2025-41250, CVE-2025-41251, CVE-2025-41252)

Product/Component

VMware Cloud Foundation
VMware NSX
VMware Telco Cloud Infrastructure
VMware Telco Cloud Platform
VMware vCenter Server 

Notification Id
36150

Last Updated
29 September 2025

Initial Publication Date
29 September 2025

Status
OPEN

Severity
HIGH

CVSS Base Score
7.5-8.5

Workaround
None

Affected CVE
CVE-2025-41250, CVE-2025-41251, CVE-2025-41252

Advisory ID:        VMSA-2025-0016
Advisory Severity:  Important
CVSSv3 Range:       7.5-8.5
Synopsis:           VMware vCenter and NSX updates address multiple
                    vulnerabilities (CVE-2025-41250, CVE-2025-41251,
                    CVE-2025-41252)
Issue date:         2025-09-29
Updated on:         2025-09-29 (Initial Advisory)
CVE(s):             CVE-2025-41250, CVE-2025-41251, CVE-2025-41252

1. Impacted Products

    VMware NSX
    NSX-T
    VMware Cloud Foundation
    VMware vCenter Server
    VMware Telco Cloud Platform
    VMware Telco Cloud Infrastructure

2. Introduction

Multiple vulnerabilities in VMware vCenter and NSX were privately
reported to Broadcom. Updates are available to remediate these
vulnerabilities in affected Broadcom products. 

3a. vCenter SMTP header injection vulnerability (CVE-2025-41250)

Description: 
VMware vCenter contains an SMTP header injection vulnerability.
Broadcom has evaluated the severity of this issue to be in the
Important severity range with a maximum CVSSv3 base score of 8.5.

Known Attack Vectors:
A malicious actor with non-administrative privileges on vCenter
who has permission to create scheduled tasks may be able to
manipulate the notification emails sent for scheduled tasks.

Resolution: 
To remediate CVE-2025-41250 apply the patches listed in the
'Fixed Version' column of the 'Response Matrix' found below.

Workarounds:
None

Additional Documentation:
None

Acknowledgments: 
Broadcom would like to thank Per von Zweigbergk for reporting
this issue to us.

Notes:
None.


Response Matrix:

VMware Product                                     | Component | Version            | Running On | CVE            | CVSSv3 | Severity  | Fixed Version          | Workarounds | Additional Documentation
---------------------------------------------------+-----------+--------------------+------------+----------------+--------+-----------+------------------------+-------------+------------------------------
VMware Cloud Foundation, VMware vSphere Foundation | vCenter   | 9.x.x.x            | Any        | CVE-2025-41250 | 8.5    | Important | 9.0.1.0                | None        | None
VMware vCenter                                     | N/A       | 8.0                | Any        | CVE-2025-41250 | 8.5    | Important | 8.0 U3g                | None        | None
VMware vCenter                                     | N/A       | 7.0                | Any        | CVE-2025-41250 | 8.5    | Important | 7.0 U3w                | None        |
VMware Cloud Foundation                            | vCenter   | 5.x                | Any        | CVE-2025-41250 | 8.5    | Important | 5.2.2                  | None        | Async Patching Guide: KB88287
VMware Cloud Foundation                            | vCenter   | 4.5.x              | Any        | CVE-2025-41250 | 8.5    | Important | Async patch to 7.0 U3w | None        | Async Patching Guide: KB88287
VMware Telco Cloud Platform                        | vCenter   | 5.x, 4.x, 3.x, 2.x | Any        | CVE-2025-41250 | 8.5    | Important | KB411508               | None        | None
VMware Telco Cloud Infrastructure                  | vCenter   | 3.x, 2.x           | Any        | CVE-2025-41250 | 8.5    | Important | KB411508               | None        | None
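The bug class in 3a, shown as an added illustration that is not code from the advisory or from vCenter: a notification mail assembled by naive string concatenation lets a line break inside a user-controlled scheduled-task name become an extra header, while the hardened builder rejects such input before it reaches a header. All function names and sample values below are assumptions made for the example.

```python
import re
from email.message import EmailMessage
from email.policy import SMTP

# RFC 5322 header bodies are single logical lines: a bare CR or LF followed by
# "Name:" in user input starts a new header when the message is built by hand.
_LINE_BREAK = re.compile(r"[\r\n]")


def build_notification_vulnerable(task_name: str, recipient: str) -> str:
    """Naive concatenation: user-controlled text lands in a header unchecked,
    so a line break inside task_name becomes an extra header (the bug class
    described for scheduled-task notification mails)."""
    return (
        f"To: {recipient}\r\n"
        f"Subject: Scheduled task finished: {task_name}\r\n"
        "\r\n"
        "The scheduled task completed.\r\n"
    )


def build_notification_hardened(task_name: str, recipient: str) -> EmailMessage:
    """Reject line breaks before any user input reaches a header, then let the
    email library encode and fold the message."""
    for value in (task_name, recipient):
        if _LINE_BREAK.search(value):
            raise ValueError("line breaks are not allowed in header fields")
    msg = EmailMessage(policy=SMTP)
    msg["To"] = recipient
    msg["Subject"] = f"Scheduled task finished: {task_name}"
    msg.set_content("The scheduled task completed.\n")
    return msg


def hardened_rejects(task_name: str, recipient: str) -> bool:
    """True when the hardened builder refuses the input (demo helper)."""
    try:
        build_notification_hardened(task_name, recipient)
    except ValueError:
        return True
    return False


def header_count(raw_message: str, name: str) -> int:
    """Count header lines called `name` in a raw RFC 5322 message (demo helper)."""
    head = raw_message.split("\r\n\r\n", 1)[0]
    prefix = name.lower() + ":"
    return sum(1 for line in head.split("\r\n") if line.lower().startswith(prefix))
```
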
 
3b. NSX weak password recovery mechanism vulnerability
(CVE-2025-41251) 

Description:
VMware NSX contains a weak password recovery mechanism vulnerability.
Broadcom has evaluated the severity of this issue to be in the
Important severity range with a maximum CVSSv3 base score of 8.1.

Known Attack Vectors:
An unauthenticated malicious actor may exploit this vulnerability to
enumerate valid usernames, potentially leading to brute-force
attacks.

Resolution:
To remediate CVE-2025-41251 apply the updates listed in the 'Fixed
Version' column of the 'Response Matrix' below to affected
deployments.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgments:
Broadcom would like to thank the National Security Agency for
reporting this issue to us.

Notes:
None.

3c. NSX username enumeration vulnerability (CVE-2025-41252)

Description:
VMware NSX contains a username enumeration vulnerability.
Broadcom has evaluated the severity of this issue to be in
the Important severity range with a maximum CVSSv3 base
score of 7.5.

Known Attack Vectors:
An unauthenticated malicious actor may exploit this
vulnerability to enumerate valid usernames, potentially
leading to unauthorized access attempts.

Resolution:
To remediate CVE-2025-41252 apply the updates listed in
the 'Fixed Version' column of the 'Response Matrix'
below to affected deployments.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgments:
Broadcom would like to thank the National Security Agency
for reporting this issue to us.

Notes:
None.

Response Matrix 3b & 3c:

VMware Product                                     | Component  | Version       | Running On | CVE                            | CVSSv3   | Severity  | Fixed Version    | Workarounds | Additional Documentation
---------------------------------------------------+------------+---------------+------------+--------------------------------+----------+-----------+------------------+-------------+------------------------------
VMware Cloud Foundation, VMware vSphere Foundation | VMware NSX | 9.x.x.x       | Any        | CVE-2025-41251, CVE-2025-41252 | 8.1, 7.5 | Important | 9.0.1.0          | None        | None
VMware NSX                                         | N/A        | 4.2.x         | Any        | CVE-2025-41251, CVE-2025-41252 | 8.1, 7.5 | Important | 4.2.2.2, 4.2.3.1 | None        | None
VMware NSX                                         | N/A        | 4.1.x, 4.0.x  | Any        | CVE-2025-41251, CVE-2025-41252 | 8.1, 7.5 | Important | 4.1.2.7          | None        | None
NSX-T                                              | N/A        | 3.x           | Any        | CVE-2025-41251, CVE-2025-41252 | 8.1, 7.5 | Important | 3.2.4.3          | None        | None
VMware Cloud Foundation                            | VMware NSX | 5.x           | Any        | CVE-2025-41251, CVE-2025-41252 | 8.1, 7.5 | Important | KB88287          | None        | Async Patching Guide: KB88287
VMware Cloud Foundation                            | VMware NSX | 4.5.x         | Any        | CVE-2025-41251, CVE-2025-41252 | 8.1, 7.5 | Important | KB88287          | None        | Async Patching Guide: KB88287
VMware Telco Cloud Infrastructure                  | VMware NSX | 3.x, 2.x      | Any        | CVE-2025-41251, CVE-2025-41252 | 8.1, 7.5 | Important | KB411518         | None        | None
VMware Telco Cloud Platform                        | VMware NSX | 5.x, 4.x, 3.x | Any        | CVE-2025-41251, CVE-2025-41252 | 8.1, 7.5 | Important | KB411518         | None        | None
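Added illustration for 3b and 3c, not code from the advisory or from NSX: a password-recovery handler whose reply depends on whether the username exists, beside a hardened variant that answers every request uniformly and limits requests per source, which is what removes the username oracle in both issues. The account store, names and limits are constructed for this example.

```python
import secrets
import time
from collections import defaultdict
from typing import Optional

# Constructed account store for this example (not NSX data): username -> email.
USERS = {"admin": "admin@example.invalid", "auditor": "auditor@example.invalid"}


def recover_vulnerable(username: str) -> dict:
    """Leaks account existence: status and message differ depending on
    whether the username is known, so each request answers the question
    'does this account exist?' (the behaviour described in 3b and 3c)."""
    if username not in USERS:
        return {"status": 404, "message": "unknown user"}
    return {"status": 200, "message": f"reset link sent to {USERS[username]}"}


class RecoveryService:
    """Hardened variant: the same response for every username, the token is
    generated on both paths, and each source is rate-limited so the endpoint
    cannot be used as a cheap oracle."""

    UNIFORM = {"status": 200,
               "message": "If the account exists, recovery instructions have been sent."}

    def __init__(self, limit: int = 5, window_s: int = 900):
        self.limit, self.window_s = limit, window_s
        self.queued = []               # (username, token) handed to out-of-band delivery
        self.hits = defaultdict(list)  # source -> timestamps of recent requests

    def _throttled(self, source: str, now: float) -> bool:
        recent = [t for t in self.hits[source] if now - t < self.window_s]
        self.hits[source] = recent + [now]
        return len(recent) >= self.limit

    def recover(self, username: str, source: str, now: Optional[float] = None) -> dict:
        now = time.time() if now is None else now
        if self._throttled(source, now):
            return {"status": 429, "message": "too many requests"}
        token = secrets.token_urlsafe(32)  # generated whether or not the user exists
        if username in USERS:
            self.queued.append((username, token))  # delivered asynchronously, never in the reply
        return dict(self.UNIFORM)
```
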
 

4. References

VMware Cloud Foundation 9.0.1.0:
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?displayGroup=VMware%20Cloud%20Foundation%209&release=9.0.1.0&os=&servicePk=534266&language=EN&groupId=534225&viewGroup=true

VMware vSphere Foundation 9.0.1.0:
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?displayGroup=VMware%20vSphere%20Foundation%209&release=9.0.1.0&os=&servicePk=534207&language=EN&groupId=534225&viewGroup=true

VMware Cloud Foundation 5.2.2
Downloads and Documentation:
https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-5-2-and-earlier/5-2/vcf-release-notes/vmware-cloud-foundation-522-release-notes.html

VMware vCenter 8.0 U3g
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=15964
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/vcenter-server-update-and-patch-release-notes/vsphere-vcenter-server-80u3g-release-notes.html

VMware vCenter 7.0 U3w
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=15986
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/vcenter-server-update-and-patch-releases/vsphere-vcenter-server-70u3w-release-notes.html

VMware NSX 4.2.3.1
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20NSX&displayGroup=VMware%20NSX&release=4.2.3.1&os=&servicePk=&language=EN
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/release-notes/vmware-nsx-4231-release-notes.html

VMware NSX 4.2.2.2
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20NSX&displayGroup=VMware%20NSX&release=4.2.2.2&os=&servicePk=&language=EN
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/release-notes/vmware-nsx-4222-release-notes.html

VMware NSX 4.1.2.7
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20NSX&displayGroup=VMware%20NSX&release=4.1.2.7&os=&servicePk=&language=EN
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-1/release-notes/vmware-nsx-4127-release-notes.html

VMware NSX-T 3.2.4.3
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20NSX-T%20Data%20Center&displayGroup=VMware%20NSX-T%20Data%20Center&release=3.2.4.3&os=&servicePk=&language=EN
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/nsxt-dc/3-2/release-notes/vmware-nsxt-data-center-3243-release-notes.html

Mitre CVE Dictionary Links:
https://www.cve.org/CVERecord?id=CVE-2025-41250
https://www.cve.org/CVERecord?id=CVE-2025-41251
https://www.cve.org/CVERecord?id=CVE-2025-41252

FIRST CVSSv3 Calculator:
CVE-2025-41250: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
CVE-2025-41251: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2025-41252: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N


5. Change Log:

2025-09-29 VMSA-2025-0016
Initial security advisory.


6. Contact:

E-mail: vmware.psirt@broadcom.com

PGP key
https://knowledge.broadcom.com/external/article/321551

VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories

VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response

VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle

VMware Security Blog
https://blogs.vmware.com/security

X
https://x.com/VMwareSRC

Copyright 2025 Broadcom. All rights reserved.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
