CVE-2025-41241

🔶 medium

Summary

VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition.

CVSS Score

4.4

Medium

EPSS Score

0.1

Exploit Probability

Published Date

2025-07-29

First Seen: 2026-01-05

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 11.6% of all 318,332 vulnerabilities in our database.

#281,327

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Jul 29, 2025

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2025-07-29

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE IDs (Weakness Types)

CWE-754

📦 Affected Products 5

Vendor	Product	Status	Affected Versions
vmware	cloud_foundation	Affected	v5.x,_4.5.x
vmware	telco_cloud_platform	Affected	v5.x,_2.x
vmware	telco_cloud_infrastructure	Affected	v2.x
vmware	vcenter	Affected	≥ 7.0 < 7.0 U3v
vmware	vcenter	Affected	≥ 8.0 < 8.0 U3g

🔗 References 1

https://support.broadcom.com/web/ecx/support-content...

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-22719	⚠️ high	8.1	7.4	VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this is...	2026-02-25
CVE-2026-22720	⚠️ high	8.0	0.1	VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create...	2026-02-25
CVE-2026-22721	🔶 medium	6.2	0.1	VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to ac...	2026-02-25
CVE-2025-41244	⚠️ high	7.8	1.0	VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor wit...	2025-09-29
CVE-2025-41250	⚠️ high	8.5	0.1	VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on...	2025-09-29
CVE-2025-41236	⛔ critical	9.3	0.0	VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. ...	2025-07-15

These CVEs affect the same products