Main Vulnerability Database Vulnerabilities #VU116193

#VU116193 Input validation error in vCenter Server - CVE-2025-41250

Published: September 30, 2025

Vulnerability identifier: #VU116193

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U/U:Green

CVE-ID: CVE-2025-41250

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
vCenter Server

Software vendor:
VMware, Inc

Description

The vulnerability allows a remote user to perform phishing attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user who has permission to create scheduled tasks can inject arbitrary SMTP headers and manipulate the notification emails sent for scheduled tasks.

Remediation

Install updates from vendor's website.

External links

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

#VU116193 Input validation error in vCenter Server - CVE-2025-41250

Description

Remediation

External links

Please verify you're human