Description

VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-29 | Updated 2025-09-30 | Assigner vmware




HIGH: 8.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

Problem types

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

Default status
unaffected

8.0 before 8.0 U3g
affected

7.0 before 7.0 U3w
affected

Default status
unaffected

9.x.x.x before 9.0.1.0
affected

5.x before 5.2.2
affected

4.5.x
affected

Default status
unaffected

5.x, 4.x, 3.x, 2.x
affected

Default status
unaffected

3.x, 2.x
affected

Default status
unaffected

9.x.x.x before 9.0.1.0
affected

References

support.broadcom.com/...l/content/SecurityAdvisories/0/36150

cve.org (CVE-2025-41250)

nvd.nist.gov (CVE-2025-41250)
