Vulnerability Database

319,897

Total vulnerabilities in the database

CVE-2025-41251

VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.

Impact: Username enumeration → credential brute force risk. Attack Vector: Remote, unauthenticated. Severity: Important. CVSSv3: 8.1 (High).

Acknowledgments: Reported by the National Security Agency.

Affected Products:VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x

NSX-T 3.x VMware Cloud Foundation (with NSX) 5.x, 4.5.x

Fixed Versions: NSX 9.0.1.0; 4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287). Workarounds: None.

Published: Sep 29, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-41251
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-640

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

No affected software listed.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo