CVE-2025-41241

Published: Jul 29, 2025

Modified: Jul 29, 2025

PUBLISHED

CVSS v3.1

4.4

MEDIUM

Description

VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition.

Vendor	Product	Versions
VMware	vCenter	affected `8.0 - < 8.0 U3g` affected `7.0 - < 7.0 U3v`
VMware	Cloud Foundation	affected `5.x, 4.5.x`
VMware	Telco Cloud Platform	affected `5.x, 2.x`
VMware	Telco Cloud Infrastructure	affected `2.x`

Weaknesses (CWE)

CWE-754

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35964

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-41241

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References