CVEFinder.io

CVE-2025-41250

⚠️ high
🔍 Scan for this CVE
Summary

VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.

CVSS Score
8.5
High
EPSS Score
0.1
Exploit Probability
Published Date
2025-09-29
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 80.7% of all 318,332 vulnerabilities in our database.

#61,365
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Sep 29, 2025
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2025-09-29
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
CWE IDs (Weakness Types)
CWE-77

📦 Affected Products 8

Vendor Product Status Affected Versions
vmware cloud_foundation Affected
≥ 5.x < 5.2.2
vmware cloud_foundation Affected
≥ 9.x.x.x < 9.0.1.0
vmware cloud_foundation Affected
v4.5.x
vmware telco_cloud_platform Affected
v5.x,_4.x,_3.x,_2.x
vmware telco_cloud_infrastructure Affected
v3.x,_2.x
vmware vcenter Affected
≥ 7.0 < 7.0 U3w
vmware vcenter Affected
≥ 8.0 < 8.0 U3g
vmware vsphere_foundation Affected
≥ 9.x.x.x < 9.0.1.0

🔗 References 1

https://support.broadcom.com/web/ecx/support-content...

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-22719 ⚠️ high 8.1 7.4 VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this is... 2026-02-25
CVE-2026-22720 ⚠️ high 8.0 0.1 VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create... 2026-02-25
CVE-2026-22721 🔶 medium 6.2 0.1 VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to ac... 2026-02-25
CVE-2025-41244 ⚠️ high 7.8 1.0 VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor wit... 2025-09-29
CVE-2025-41241 🔶 medium 4.4 0.1 VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and h... 2025-07-29
CVE-2025-41236 ⛔ critical 9.3 0.0 VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. ... 2025-07-15
These CVEs affect the same products