Vulnerability Database

319,897

Total vulnerabilities in the database

CVE-2025-41252

Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.

Impact: Username enumeration → facilitates unauthorized access.

Attack Vector: Remote, unauthenticated.

Severity: Important.

CVSSv3: 7.5 (High).

Acknowledgments: Reported by the National Security Agency.

Affected Products:

VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x
NSX-T 3.x
VMware Cloud Foundation (with NSX) 5.x, 4.5.x

Fixed Versions:

NSX 9.0.1.0; 4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).

Workarounds: None.

Published: Sep 29, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-41252
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-203

Affected Software
References

No affected software listed.

https://https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo