Denial-of-Service Vulnerability in VMware vCenter
CVE-2025-41241

4.4MEDIUM

Key Information:

Vendor: Vmware
Status: Vcenter; Cloud Foundation; Telco Cloud Platform; Telco Cloud Infrastructure
Vendor: CVE Published:; 29 July 2025

What is CVE-2025-41241?

VMware vCenter has a vulnerability that allows authenticated users to trigger a denial-of-service condition. This occurs when a user with permission to execute API calls for guest operating system customization manipulates the APIs, potentially causing service disruptions. Administrators should ensure that user permissions are tightly controlled and regularly reviewed to mitigate the risk of exploitation.

Affected Version(s)

Cloud Foundation 5.x, 4.5.x

Telco Cloud Infrastructure 2.x

Telco Cloud Platform 5.x, 2.x

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2025
Vulnerability Reserved
Apr 16, 2025

Vmware

What is CVE-2025-41241?

Affected Version(s)

References

CVSS V3.1

Timeline