CVE-2025-41241

VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35964

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) VMware vCenter contiene una vulnerabilidad de denegación de servicio. Un agente malicioso autenticado a través de vCenter y con permiso para realizar llamadas a la API para la personalización del sistema operativo invitado podría activar esta vulnerabilidad y crear una condición de denegación de servicio.

29 Jul 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-29 13:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-41241

Mitre link : CVE-2025-41241

CVE.ORG link : CVE-2025-41241

JSON object : View

Products Affected

No product.

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

4.4 /10