CVE-2025-41252
Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access att…
All CVEs associated with "VMware Cloud Foundation" (10 CVEs).
A curated feed of “VMware Cloud Foundation”-related CVEs appears below. We currently track 10 CVEs for this tag (all time). In the last 365 days, 2 were published. Average CVSS is 7.4 (all time; 7.8 over 365d), and 70% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-203 - Observable Discrepancy, CWE-640 - Weak Password Recovery Mechanism for Forgotten Password.
In our taxonomy this topic maps to a MODERATE impact class. Virtualization and VDI management can impact many hosts at once. Patch the management plane first, restrict management networks, and verify backup or snapshot workflows.
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | EOL | LTS |
|---|---|---|---|---|
| 9.1 | 9.1.0.0 | | | |
| 9.0 | 9.0.2.0 | | | |
| 5.2 | 5.2.3 | | | |
| 5.1 | 5.1.1 | | | |
| 5.0 | 5.0.0.1 | | | |
| 4.5 | 4.5.2 | Expired | | |
| 3.11 | 3.11.0.1 | Expired | | |
| 4.4 | 4.4.1 | Expired | | |
| 4.3 | 4.3.1 | Expired | | |
| 4.2 | 4.2.1 | Expired | | |
| 4.1 | 4.1.0 | Expired | | |
| 3.10 | 3.10.2 | Expired | | |
| 4.0 | 4.0.1 | Expired | | |
| 3.9 | 3.9.1 | Expired | | |
| 3.8 | 3.8.1 | Expired | | |
| 2.3 | 2.3.2 | Expired | | |
Legend: Maintained · Soon (≤ 180 days) · Expired
CVEs tagged with this topic.
VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impa…
VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and acce…
VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensiti…
VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal se…
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-servi…
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access…
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 44…
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with…
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundatio…