CVE Daily – VMware Cloud Foundation (High+Critical)

[High] CVE-2025-41252 – Description: VMware NSX contains a username enumeration vulnerability. An unauth...

Mon, 29 Sep 2025 19:15:35 +0000

High CVE-2025-41252

Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts. Impact: Username enumeration → facilitates unauthorized access. Attack Vector: Remote, unauthenticated. Severity: Important. CVSSv3: 7.5 (High). Acknowledgments: Reported by the Natio…

CVSS: 7.5 · CWE: CWE-203

View on NVD

[High] CVE-2025-41251 – VMware NSX contains a weak password recovery mechanism vulnerability. An unauthe...

Mon, 29 Sep 2025 19:15:35 +0000

High CVE-2025-41251

VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration → credential brute force risk. Attack Vector: Remote, unauthenticated. Severity: Important. CVSSv3: 8.1 (High). Acknowledgments: Reported by the National Security Agency. Af…

CVSS: 8.1 · CWE: CWE-640

View on NVD

[High] CVE-2025-41231 – VMware Cloud Foundation contains a missing authorisation vulnerability. A malici...

Tue, 20 May 2025 13:15:48 +0000

High CVE-2025-41231

VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.

CVSS: 7.3 · CWE: CWE-862

View on NVD

[High] CVE-2025-41230 – VMware Cloud Foundation contains an information disclosure vulnerability. A mali...

Tue, 20 May 2025 13:15:47 +0000

High CVE-2025-41230

VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information.

CVSS: 7.5 · CWE: CWE-200

View on NVD

[High] CVE-2025-41229 – VMware Cloud Foundation contains a directory traversal vulnerability. A maliciou...

Tue, 20 May 2025 13:15:47 +0000

High CVE-2025-41229

VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services.

CVSS: 8.2 · CWE: CWE-22

View on NVD

[Critical] CVE-2022-31678 – VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerabil...

Fri, 28 Oct 2022 02:15:17 +0000

Critical CVE-2022-31678

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.

CVSS: 9.1 · CWE: CWE-611

View on NVD

[Critical] CVE-2021-21972 – The vSphere Client (HTML5) contains a remote code execution vulnerability in a v...

Wed, 24 Feb 2021 17:15:15 +0000

Critical CVE-2021-21972

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Clo…

CVSS: 9.8 · CWE: CWE-22

View on NVD