Directory Traversal Vulnerability in VMware Cloud Foundation by VMware
CVE-2025-41229

8.2HIGH

Key Information:

Vendor

VMware

Vendor
CVE Published:
20 May 2025

What is CVE-2025-41229?

VMware Cloud Foundation is affected by a directory traversal vulnerability that can be exploited by a malicious actor with network access to port 443. This flaw allows unauthorized access to certain internal services, potentially compromising the security of the entire system. Users are advised to review security practices and implement necessary mitigations to safeguard their systems against exploitation.

Affected Version(s)

VMware Cloud Foundation 5.x < 5.2.1.2

VMware Cloud Foundation 4.5.x

References

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
The Cyber Security Vulnerability Database.