216.73.217.80

CVE-2025-41250

· Published 29/09/2025 18:15 · Modified 29/09/2025 19:34

Labels: CVE-2025-41250 2025-09-29CVE-2025-41250CWE-77[email protected]

Essential information

Published
29/09/2025 18:15
Modified
29/09/2025 19:34
Author
Creator
CVSS
8.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

CVSS metrics

Description

VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
vmware / vcenter cpe:2.3:a:vmware:vcenter:*:*:*:*:*:*:*:*

References