By Lerpong Intaraworrpath | October 4th, 2025
VMSA-2025-0016: VMware vCenter and NSX updates address multiple vulnerabilities (CVE-2025-41250, CVE-2025-41251, CVE-2025-41252)
| Advisory ID: | VMSA-2025-0016 |
| Advisory Severity: | Important |
| CVSSv3 Range: | 7.5 -8.5 |
| Synopsis: | VMware vCenter and NSX updates address multiple vulnerabilities (CVE-2025-41250, CVE-2025-41251, CVE-2025-41252) |
| Issue date: | 2025-09-29 |
| Updated on: | 2025-09-29 (Initial Advisory) |
| CVE(s) | CVE-2025-41250, CVE-2025-41251, CVE-2025-41252 |
Impacted Products:
- VMware NSX – 4.2.x, 4.1.x, 4.0.x
- NSX-T – 3.x
- VMware Cloud Foundation – 9.x.x.x, 5.x, 4.5.x
- VMware vCenter Server -8.0, 7.0
- VMware Telco Cloud Platform – 5.x, 4.x, 3.x, 2.x
- VMware Telco Cloud Infrastructure – 3.x, 2.x
Introduction
Multiple vulnerabilities in VMware vCenter and NSX were privately reported to Broadcom. Updates are available to remediate these vulnerabilities in affected Broadcom products.
A.vCenter SMTP header injection vulnerability (CVE-2025-41250)
B.NSX weak password recovery mechanism vulnerability (CVE-2025-41251)
C.NSX username enumeration vulnerability (CVE-2025-41252)