Weak Password Recovery Mechanism in VMware NSX Products
CVE-2025-41251

8.1HIGH

Key Information:

Vendor: Vmware
Status: Nsx
Vendor: CVE Published:; 29 September 2025

What is CVE-2025-41251?

VMware NSX exhibits a vulnerability in its password recovery mechanism, which may allow unauthenticated attackers to enumerate valid usernames. This opens the door to potential brute-force attacks, presenting a significant risk to user credentials. The issue affects multiple versions of VMware NSX and NSX-T, prompting users to update to the fixed versions to mitigate potential exploits. No workarounds are available.

Affected Version(s)

NSX VMware NSX - 9.x.x.x, 4.2.x, 4.1.x, 4.0.x

NSX VMware NSX-T - 3.x

NSX VMware Cloud Foundation (with NSX) - 5.x, 4.5.x

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 29, 2025
Vulnerability Reserved
Apr 16, 2025

JSON

Vmware

What is CVE-2025-41251?

Affected Version(s)

References

CVSS V3.1

Timeline