High-Severity VMware NSX Vulnerabilities Patched by Broadcom
Summary
Broadcom has released security updates to address two high-severity vulnerabilities in VMware NSX, reported by the U.S. National Security Agency (NSA). CVE-2025-41251 is a weakness in the password recovery mechanism, and CVE-2025-41252 is a username enumeration vulnerability. Both can be exploited by unauthenticated attackers to enumerate valid usernames, potentially leading to brute-force attacks or unauthorized access. VMware NSX is a networking virtualization solution within VMware Cloud Foundation, enabling the deployment of traditional and modern applications in private/hybrid clouds. The vulnerabilities highlight the ongoing risk of state-sponsored and cybercriminal exploitation of VMware products.
Timeline
- 30.09.2025 15:10 (1 article)
Broadcom patches high-severity VMware NSX vulnerabilities
Broadcom released security updates to fix two high-severity vulnerabilities in VMware NSX, reported by the NSA. CVE-2025-41251 is a weakness in the password recovery mechanism, and CVE-2025-41252 is a username enumeration vulnerability. Both can be exploited by unauthenticated attackers to enumerate valid usernames, potentially leading to brute-force attacks or unauthorized access. Additionally, Broadcom patched a high-severity SMTP header injection vulnerability in VMware vCenter and disclosed three more security flaws in VMware Aria Operations and VMware Tools.
Sources:
- Broadcom fixes high-severity VMware NSX bugs reported by NSA — www.bleepingcomputer.com — 30.09.2025 15:10
Information Snippets
- CVE-2025-41251 is a weakness in the password recovery mechanism that allows unauthenticated attackers to enumerate valid usernames.
  First reported: 30.09.2025 15:10 (1 source, 1 article)
  Sources:
  - Broadcom fixes high-severity VMware NSX bugs reported by NSA — www.bleepingcomputer.com — 30.09.2025 15:10
- CVE-2025-41252 is a username enumeration vulnerability that can be exploited by unauthenticated threat actors to enumerate valid usernames.
  First reported: 30.09.2025 15:10 (1 source, 1 article)
  Sources:
  - Broadcom fixes high-severity VMware NSX bugs reported by NSA — www.bleepingcomputer.com — 30.09.2025 15:10
- VMware NSX is a networking virtualization solution within VMware Cloud Foundation.
  First reported: 30.09.2025 15:10 (1 source, 1 article)
  Sources:
  - Broadcom fixes high-severity VMware NSX bugs reported by NSA — www.bleepingcomputer.com — 30.09.2025 15:10
- The NSA reported the vulnerabilities to Broadcom.
  First reported: 30.09.2025 15:10 (1 source, 1 article)
  Sources:
  - Broadcom fixes high-severity VMware NSX bugs reported by NSA — www.bleepingcomputer.com — 30.09.2025 15:10
- Broadcom also patched a high-severity SMTP header injection vulnerability (CVE-2025-41250) in VMware vCenter.
  First reported: 30.09.2025 15:10 (1 source, 1 article)
  Sources:
  - Broadcom fixes high-severity VMware NSX bugs reported by NSA — www.bleepingcomputer.com — 30.09.2025 15:10
- Three additional security flaws in VMware Aria Operations and VMware Tools were disclosed by Broadcom.
  First reported: 30.09.2025 15:10 (1 source, 1 article)
  Sources:
  - Broadcom fixes high-severity VMware NSX bugs reported by NSA — www.bleepingcomputer.com — 30.09.2025 15:10