Missing Authorization Vulnerability in VMware Cloud Foundation
CVE-2025-41231

7.3HIGH

Key Information:

Vendor: VMware
Status: Vmware Cloud Foundation
Vendor: CVE Published:; 20 May 2025

What is CVE-2025-41231?

VMware Cloud Foundation has a vulnerability that allows a malicious actor with access to the appliance to perform unauthorized actions, leading to potential access to sensitive information. This issue highlights the importance of strict authorization controls to prevent unauthorized interactions with critical systems.

Affected Version(s)

VMware Cloud Foundation 5.x < 5.2.1.2

VMware Cloud Foundation 4.5.x

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2025
Vulnerability Reserved
Apr 16, 2025