On September 29, 2025, VMware disclosed multiple critical security vulnerabilities affecting its vCenter Server and NSX platforms. These vulnerabilities, identified as CVE-2025-41250, CVE-2025-41251, and CVE-2025-41252, pose significant risks, including unauthorized username enumeration and manipulation of system notifications. The affected products encompass VMware Cloud Foundation, vSphere Foundation, NSX, NSX-T, and Telco Cloud platforms.
vCenter SMTP Header Injection Vulnerability (CVE-2025-41250):
This vulnerability, assigned a CVSS score of 8.5, resides in the Simple Mail Transfer Protocol (SMTP) header processing of VMware vCenter Server. It allows authenticated users with non-administrative privileges and the ability to create scheduled tasks to manipulate notification emails associated with those tasks.
Potential Exploitation:
An attacker exploiting this flaw could inject malicious content into email headers, potentially redirecting notifications, inserting harmful links, or bypassing email security measures. Such manipulations could facilitate social engineering attacks, credential theft, or unauthorized information disclosure.
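As an added illustration (not code from VMware or from the advisory), the check below shows the class of defect involved: a user-controlled value such as a scheduled task's name is placed into an SMTP header, and a CR/LF inside that value ends the header line and starts a new one. The function names, the naive header builder and the constructed sample values are assumptions made for this example; they are not vCenter's implementation.

```python
import re
from email.message import EmailMessage

# Any CR/LF (or other C0 control character) in a header value lets the value
# end the current header line and begin another, which is the mechanism
# behind SMTP header injection. Tab is allowed because it is legal header
# whitespace. Hypothetical check, not vCenter's code.
_FORBIDDEN = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


def is_safe_header_value(value: str) -> bool:
    """Return True if value fits on one header line without control characters."""
    return _FORBIDDEN.search(value) is None


def naive_header_block(to: str, subject: str) -> str:
    """The unsafe pattern: header lines built by string concatenation, no checks."""
    return f"To: {to}\r\nSubject: {subject}\r\n"


def count_header_lines(raw_headers: str) -> int:
    """Count the header lines a receiving MTA would see in a raw header block."""
    return sum(1 for line in raw_headers.split("\r\n") if line)


def build_notification(to: str, subject: str) -> EmailMessage:
    """Validate user-controlled header fields at the boundary, then build the mail."""
    for field, value in (("To", to), ("Subject", subject)):
        if not is_safe_header_value(value):
            raise ValueError(f"control character in {field} header value")
    msg = EmailMessage()  # its default policy also refuses multi-line header values
    msg["To"] = to
    msg["Subject"] = subject
    msg.set_content("Scheduled task finished.")
    return msg


# Constructed sample values standing in for a scheduled task's name.
CLEAN_SUBJECT = "Task nightly-snapshot finished"
INJECTED_SUBJECT = "Task finished\r\nCc: someone-else@example.invalid"
RECIPIENT = "ops@example.invalid"


def demo() -> dict:
    """Compare what the naive builder emits with what the validated builder does."""
    clean_lines = count_header_lines(naive_header_block(RECIPIENT, CLEAN_SUBJECT))
    injected_lines = count_header_lines(naive_header_block(RECIPIENT, INJECTED_SUBJECT))
    try:
        build_notification(RECIPIENT, INJECTED_SUBJECT)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "clean_lines": clean_lines,
        "injected_lines": injected_lines,
        "validated_builder_rejected": rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The naive builder turns the two intended headers into three when the value carries a CR/LF; the validated builder refuses the value before it reaches the message. Validating at the input boundary (where the task is created) rather than only at send time gives the user a clear error and keeps the rejected value out of the task store.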
Affected Versions:
– vCenter Server versions 7.0, 8.0, and 9.x
– VMware Cloud Foundation and vSphere Foundation deployments
– VMware Telco Cloud Platform versions 2.x through 5.x
– VMware Telco Cloud Infrastructure versions 2.x and 3.x
NSX Username Enumeration Vulnerabilities:
Two distinct vulnerabilities in VMware NSX platforms enable unauthorized username enumeration:
1. Weak Password Recovery Mechanism (CVE-2025-41251):
  – CVSS Score: 8.1
  – Description: An unauthenticated attacker can exploit the password recovery process to determine valid usernames.
2. Direct Username Enumeration (CVE-2025-41252):
  – CVSS Score: 7.5
  – Description: Allows an unauthenticated attacker to identify valid usernames directly.
Implications:
These vulnerabilities can serve as reconnaissance tools for attackers, enabling them to compile lists of valid usernames. This information can be leveraged in subsequent brute-force attacks, credential stuffing, or targeted phishing campaigns.
Affected Versions:
– VMware NSX versions 4.0.x through 4.2.x
– NSX-T version 3.x
– NSX components within Cloud Foundation and Telco Cloud platforms
Mitigation and Recommendations:
VMware has released security patches to address these vulnerabilities. Organizations are strongly advised to apply the following updates immediately:
– For vCenter Server:
  – Upgrade to the latest version corresponding to your deployment.
– For NSX Platforms:
  – Upgrade to NSX versions 4.2.2.2, 4.2.3.1, 4.1.2.7, or NSX-T 3.2.4.3, as applicable.
Additional Security Measures:
– Monitor System Logs: Regularly review logs for unusual activities, especially related to authentication and email notifications.
– Restrict Privileges: Limit task creation and password recovery permissions to essential personnel only.
– User Education: Educate users about the risks of phishing and social engineering attacks.
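As an added example (not part of the advisory and not NSX's log format), the detector below implements the "Monitor System Logs" recommendation above for the reconnaissance pattern described under Implications: one source submitting password recovery or login requests for many distinct usernames within a short window. The key=value log format, field names, sample lines, window and threshold are constructed assumptions; adapt the parser to the real log source.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a generic key=value format (NOT NSX's real format).
# The server-side log may legitimately record unknown_user; the user-facing
# recovery response should not differ in a way that reveals it.
SAMPLE_LOG = """\
2025-09-30T08:00:01Z src=203.0.113.7 event=password_recovery user=alice result=sent
2025-09-30T08:00:03Z src=203.0.113.7 event=password_recovery user=bob result=unknown_user
2025-09-30T08:00:05Z src=203.0.113.7 event=password_recovery user=carol result=unknown_user
2025-09-30T08:00:07Z src=203.0.113.7 event=password_recovery user=dave result=unknown_user
2025-09-30T08:00:09Z src=203.0.113.7 event=password_recovery user=erin result=sent
2025-09-30T08:00:11Z src=203.0.113.7 event=password_recovery user=frank result=unknown_user
2025-09-30T08:01:00Z src=198.51.100.9 event=login user=alice result=failed
2025-09-30T08:01:20Z src=198.51.100.9 event=login user=alice result=failed
2025-09-30T08:01:40Z src=198.51.100.9 event=login user=alice result=ok
2025-09-30T09:30:00Z src=203.0.113.7 event=password_recovery user=grace result=sent
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) event=(?P<event>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log(text: str) -> list:
    """Parse key=value lines into dicts with a datetime timestamp; skip non-matching lines."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return records


def find_enumeration(text: str, window: timedelta = timedelta(minutes=5),
                     min_distinct_users: int = 5) -> dict:
    """Return {source: most distinct usernames probed within any `window`} for every
    source whose recovery/login events reach `min_distinct_users` in one window."""
    by_src = defaultdict(list)
    for rec in parse_log(text):
        if rec["event"] in ("password_recovery", "login"):
            by_src[rec["src"]].append(rec)
    alerts = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            # Slide the window start forward until recs[start:end+1] spans <= window.
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            distinct = len({r["user"] for r in recs[start:end + 1]})
            if distinct >= min_distinct_users and distinct > alerts.get(src, 0):
                alerts[src] = distinct
    return alerts


if __name__ == "__main__":
    for src, n in find_enumeration(SAMPLE_LOG).items():
        print(f"possible username enumeration from {src}: {n} distinct usernames")
```

Counting distinct usernames per source, rather than raw request volume, separates the enumeration pattern from an ordinary user retrying a single account; in the sample, the three failed logins from 198.51.100.9 are not flagged while the burst of six different usernames from 203.0.113.7 is. Tune the window and threshold to the traffic of the environment, and pair the alert with rate limiting on the recovery endpoint.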
Conclusion:
The disclosure of these vulnerabilities underscores the importance of proactive security measures in virtualized environments. Organizations utilizing VMware vCenter Server and NSX platforms must prioritize the application of the provided patches to mitigate potential exploitation risks. Staying vigilant and maintaining up-to-date systems are crucial steps in safeguarding against emerging threats.