CVE-2025-41241

Summary

VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition.

Affected Software

VendorProductVersion RangeStatus
VMwarevCenter8.0 < 8.0 U3gaffected
VMwarevCenter7.0 < 7.0 U3vaffected
VMwareCloud Foundation5.x, 4.5.xaffected
VMwareTelco Cloud Platform5.x, 2.xaffected
VMwareTelco Cloud Infrastructure2.xaffected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References