VMSA-2025-0014: VMware vCenter updates address a denial-of-service vulnerability (CVE-2025-41241)
35964
30 July 2025
29 July 2025
OPEN
MEDIUM
4.4
None
CVE-2025-41241
| Advisory ID: | VMSA-2025-0014.1 |
| Advisory Severity: | Moderate |
| CVSSv3 Range: | 4.4 |
| Synopsis: | VMware vCenter updates address a denial-of-service vulnerability (CVE-2025-41241) |
| Issue date: | 2025-07-29 |
| Updated on: | 2025-07-30 |
| CVE(s) |
CVE-2025-41241 |
1. Impacted Products
- VMware Cloud Foundation
- VMware vCenter Server
- VMware Telco Cloud Platform
- VMware Telco Cloud Infrastructure
2. Introduction
A denial-of-service vulnerability in VMware vCenter was privately reported to Broadcom. Updates are available to remediate this vulnerability in affected Broadcom products.
3. vCenter denial-of-service vulnerability (CVE-2025-41241)
Description:
VMware vCenter contains a denial-of-service vulnerability. Broadcom has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
Known Attack Vectors:
A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition.
Resolution:
To remediate CVE-2025-41241 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None
Additional Documentation:
None
Acknowledgments:
Broadcom would like to thank Orange-CERT-CC, Clément Breuil and Arnaud Magendie from Orange and Orange ops teams for reporting this issue to us.
Notes:
None.
Response Matrix:
|
VMware Product |
Component |
Version |
Running On |
CVE |
CVSSv3 |
Severity |
Fixed Version |
Workarounds |
Additional Documentation |
|---|---|---|---|---|---|---|---|---|---|
|
VMware Cloud Foundation, VMware vSphere Foundation |
vCenter | 9.0.0.0 | Any | CVE-2025-41241 | N/A | N/A | Unaffected | N/A | N/A |
| VMware vCenter | N/A | 8.0 | Any | CVE-2025-41241 | 4.4 | Moderate | 8.0 U3g | None |
None |
| VMware vCenter | N/A | 7.0 | Any | CVE-2025-41241 | 4.4 | Moderate | 7.0 U3v | None | None |
| VMware Cloud Foundation | N/A | 5.x | Any |
CVE-2025-41241 |
4.4 | Moderate | Async patch to 8.0 U3g | None | Async Patching Guide: KB88287 |
| VMware Cloud Foundation | N/A | 4.5.x | Any |
CVE-2025-41241 |
4.4 | Moderate | Async patch to 7.0 U3v | None | Async Patching Guide: KB88287 |
| VMware Telco Cloud Platform | vCenter | 5.x, 2.x | Any |
CVE-2025-41241 |
4.4 | Moderate | KB405542 | None | None |
| VMware Telco Cloud Infrastructure | vCenter | 2.x | Any |
CVE-2025-41241 |
4.4 | Moderate | KB405542 | None | None |
4. References
VMware vCenter 8.0 U3g
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=15964
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/vcenter-server-update-and-patch-release-notes/vsphere-vcenter-server-80u3g-release-notes.html
VMware vCenter 7.0 U3v
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5849
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/vcenter-server-update-and-patch-releases/vsphere-vcenter-server-70u3v-release-notes.html
VMware Cloud Foundation 5.x, 4.5.x
Downloads and Documentation:
https://knowledge.broadcom.com/external/article?legacyId=88287
Mitre CVE Dictionary Links:
https://www.cve.org/CVERecord?id=CVE-2025-41241
FIRST CVSSv3 Calculator:
CVE-2025-41241: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
5. Change Log:
2025-07-29 VMSA-2025-0014
Initial security advisory.
2025-07-30 VMSA-2025-0014.1
Updated acknowledgements.
6. Contact:
E-mail: [email protected]
PGP key
https://knowledge.broadcom.com/external/article/321551
VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories
VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response
VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle
VMware Security Blog
https://blogs.vmware.com/security
X
https://x.com/VMwareSRC
Copyright 2025 Broadcom. All rights reserved.