{"id":3054,"date":"2025-10-01T23:52:23","date_gmt":"2025-10-01T23:52:23","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/10\/01\/broadcom-issues-patches-for-vmware-nsx-and-vcenter-security-flaws\/"},"modified":"2025-10-01T23:52:23","modified_gmt":"2025-10-01T23:52:23","slug":"broadcom-issues-patches-for-vmware-nsx-and-vcenter-security-flaws","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/10\/01\/broadcom-issues-patches-for-vmware-nsx-and-vcenter-security-flaws\/","title":{"rendered":"Broadcom Issues Patches for VMware NSX and vCenter Security Flaws"},"content":{"rendered":"<div id=\"cphContent_pnlArticleBody\">\n<div id=\"layout-605fcf9a-ed1b-4822-9499-7f961bbdc657\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>A set of substantial security updates for VMware NSX and vCenter has been released by Broadcom, addressing multiple high-severity vulnerabilities that could expose enterprise systems to cyberattacks.<\/p>\n<p>The flaws, disclosed in the latest VMware vCenter and NSX updates, address multiple vulnerabilities (CVE-2025-41250, CVE-2025-41251, CVE-2025-41252) that\u00a0were reported by the US National Security Agency and independent security researchers.<\/p>\n<p>They affect several Broadcom products, including VMware Cloud Foundation, NSX-T and VMware Telco Cloud Platform.<\/p>\n<p>One of the most severe issues, tracked as CVE-2025-41250, is an SMTP header injection bug in vCenter. With a CVSSv3 base score of 8.5, it allows attackers with non-administrative privileges to modify email notifications associated with scheduled tasks. Broadcom said no workarounds are available\u00a0and users should apply the fixed versions immediately.<\/p>\n<p>Two other flaws in VMware NSX, CVE-2025-41251 and CVE-2025-41252, stem from weaknesses in the authentication process. 
Both enable unauthenticated attackers to enumerate valid usernames, a step that could support brute-force or unauthorized login attempts.<\/p>\n<p>\u201cBased on the information at hand, these vulnerabilities might be combined to create a viable attack path from unauthenticated reconnaissance to authenticated compromise,\u201d\u00a0said Mayuresh Dani, security research manager at Qualys Threat Research Unit.<\/p>\n<p>\u201cOnce authenticated (considering limited privileges), threat actors will exploit the vCenter SMTP header injection to potentially redirect sensitive communication and escalate their privileges.\u201d<\/p>\n<p>The vulnerabilities are classified as \u201cHigh\u201d\u00a0with CVSS scores ranging from 7.5 to 8.5. The weaknesses affect a wide span of VMware infrastructure solutions used in enterprise and telecom environments.<\/p>\n<p>According to the Broadcom\u00a0advisory, the following products are impacted:<\/p>\n<ul>\n<li>\n<p>VMware NSX<\/p>\n<\/li>\n<li>\n<p>NSX-T<\/p>\n<\/li>\n<li>\n<p>VMware Cloud Foundation<\/p>\n<\/li>\n<li>\n<p>VMware vCenter Server<\/p>\n<\/li>\n<li>\n<p>VMware Telco Cloud Platform<\/p>\n<\/li>\n<li>\n<p>VMware Telco Cloud Infrastructure<\/p>\n<\/li>\n<\/ul>\n<p>\u201cThe two NSX bugs allow unauthenticated users to confirm which usernames exist on a system,\u201d\u00a0explained Jason Soroko, senior fellow at Sectigo.<\/p>\n<p>\u201cEven without direct code execution, these kinds of flaws are attractive building blocks that adversaries combine with weak or reused credentials to pivot deeper, which helps explain why an intelligence agency would flag them despite High, rather than Critical, ratings.\u201d<\/p>\n<h2>Broader Disclosure<\/h2>\n<p>Alongside these patches, Broadcom also revealed three other vulnerabilities in VMware Aria Operations and VMware Tools.<\/p>\n<p>These flaws (CVE-2025-41244, 
CVE-2025-41245, CVE-2025-41246) could allow attackers to escalate privileges to root, steal credentials\u00a0or access guest VMs.<\/p>\n<p>\u201cThe last time the NSA reported VMware vulnerabilities was when Russian state-sponsored actors were actively exploiting them,\u201d\u00a0Dani noted, referencing <u>CVE-2020-4006<\/u>.<\/p>\n<p>\u201cThis suggests the agency may have intelligence indicating potential exploitation interest from nation-state actors.\u201d<\/p>\n<p>At the time of publication, Soroko clarified: \u201cThere is no public confirmation that the NSX username enumeration bugs or the vCenter SMTP header injection were exploited in the wild.\u201d<\/p>\n<p>Still, administrators are urged to update affected systems as soon as possible to mitigate risks. Fixed versions and documentation are available through Broadcom\u2019s support site.<\/p>\n<\/div>\n<p>Image\u00a0credit: CryptoFX \/ Shutterstock.com<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A set of substantial security updates for VMware NSX and vCenter has been released by Broadcom, addressing multiple high-severity vulnerabilities that could expose enterprise systems to cyberattacks. 
The flaws, disclosed in the latest VMware vCenter and NSX updates, address multiple vulnerabilities (CVE-2025-41250, CVE-2025-41251, CVE-2025-41252) that\u00a0were reported by the US National Security Agency and independent security<\/p>\n","protected":false},"author":2,"featured_media":3055,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3054","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3054-cc4ff28b-28ea-4d15-8eb9-8a92e483d719.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3054-cc4ff28b-28ea-4d15-8eb9-8a92e483d719-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3054-cc4ff28b-28ea-4d15-8eb9-8a92e483d719.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3054-cc4ff28b-28ea-4d15-8eb9-8a92e483d719.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3054-cc4ff28b-28ea-4d15-8eb9-8a92e483d719.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3054-cc4ff28b-28ea-4d15-8eb9-8a92e483d719.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3054-cc4ff28b-28ea-4d15-8eb9-8a92e483d719.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3054-cc4ff28b-28ea-4d15-8eb9-8a92e483d719.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3054-cc4ff28b-28ea-4d15-8eb9-8a92e483d719.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3054-cc4ff28b-28ea-4d15-8eb9-8a92e483d719.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3054-cc4ff28b-28ea-4d15-8eb9-8a92e
483d719-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/3054","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=3054"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/3054\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/3055"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=3054"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=3054"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=3054"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}