- 110/2025
- High
VMware has released security updates to fix multiple vulnerabilities affecting VMware Cloud Foundation.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, execute arbitrary commands/codes, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. VMware Cloud Foundation Directory Traversal Vulnerability (CVE-2025- 41229):
- CVSS: 8.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. VMware Cloud Foundation Information Disclosure Vulnerability (CVE-2025- 41230):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Vulnerabilities
- CVE-2025-41229
- CVE-2025-41230
- CVE-2025-41231
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.