CVE-2025-41231

Summary

VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.

Affected Software

VendorProductVersion RangeStatus
n/aVMware Cloud Foundation5.x < 5.2.1.2affected
n/aVMware Cloud Foundation4.5.xaffected

Weaknesses

  • Missing Authorisation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References