- 211/2025
- High
VMware has released security updates to fix several vulnerabilities across multiple VMware products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, manipulate notification emails, gain elevated privileges, conduct denial of service attacks, or gain access to the affected products.
Sample of addressed vulnerabilities:
1. VMware vCenter SMTP Header Injection Vulnerability (CVE-2025-41250):
- CVSS: 8.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Data Manipulation
2. VMware NSX Weak Password Recovery Mechanism Vulnerability (CVE-2025-41251):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Sample of the affected products:
- VMware vCenter.
- VMware Aria Operations.
- VMware NSX/ NSX-T.
- VMware Telco Cloud Platform/ Infrastructure.
- VMware Cloud Foundation.
Vulnerabilities
- CVE-2025-41250
- CVE-2025-41251
- CVE-2025-41245
- CVE-2025-41246
- CVE-2025-41241
- CVE-2025-41244
- CVE-2025-41252
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.