CVE-2025-41250 - Vulnerability Details - OpenCVE

VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Vmware	Cloud Foundation Vcenter Vsphere

No data.

No data.

References

Link	Providers
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

History

Tue, 30 Sep 2025 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Vmware Vmware cloud Foundation Vmware vcenter Vmware vsphere
Vendors & Products		Vmware Vmware cloud Foundation Vmware vcenter Vmware vsphere

Mon, 29 Sep 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 29 Sep 2025 18:00:00 +0000

Type	Values Removed	Values Added
Description		VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.
Title		Header injection vulnerability
Weaknesses		CWE-77
References		https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150
Metrics		cvssV3_1 `{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L'}`

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2025-09-29T17:44:27.967Z

Updated: 2025-09-30T03:55:12.416Z

Reserved: 2025-04-16T09:30:25.625Z

Link: CVE-2025-41250

Vulnrichment

Updated: 2025-09-29T18:00:27.121Z

NVD

Status : Awaiting Analysis

Published: 2025-09-29T18:15:31.460

Modified: 2025-09-29T19:34:10.030

Link: CVE-2025-41250

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41250", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2025-04-16T09:30:25.625Z", "datePublished": "2025-09-29T17:44:27.967Z", "dateUpdated": "2025-09-30T03:55:12.416Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "vCenter", "vendor": "VMware", "versions": [{"lessThan": "8.0 U3g", "status": "affected", "version": "8.0", "versionType": "custom"}, {"lessThan": "7.0 U3w", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Cloud Foundation", "vendor": "VMware", "versions": [{"lessThan": "9.0.1.0", "status": "affected", "version": "9.x.x.x", "versionType": "custom"}, {"lessThan": "5.2.2", "status": "affected", "version": "5.x", "versionType": "custom"}, {"status": "affected", "version": "4.5.x"}]}, {"defaultStatus": "unaffected", "product": "Telco Cloud Platform", "vendor": "VMware", "versions": [{"status": "affected", "version": "5.x, 4.x, 3.x, 2.x"}]}, {"defaultStatus": "unaffected", "product": "Telco Cloud Infrastructure", "vendor": "VMware", "versions": [{"status": "affected", "version": "3.x, 2.x"}]}, {"defaultStatus": "unaffected", "product": "vSphere Foundation", "vendor": "VMware", "versions": [{"lessThan": "9.0.1.0", "status": "affected", "version": "9.x.x.x", "versionType": "custom"}]}], "datePublic": "2025-09-29T02:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware vCenter contains an SMTP header injection vulnerability. </span>A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.<span style=\"background-color: rgb(255, 255, 255);\"><br><br></span><br>"}], "value": "VMware vCenter contains an SMTP header injection vulnerability.\u00a0A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-09-29T17:54:27.048Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"}], "source": {"discovery": "UNKNOWN"}, "title": "Header injection vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-29T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-41250"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-30T03:55:12.416Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41250", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-29T18:00:23.983856Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-29T18:00:27.121Z"}}], "cna": {"title": "Header injection vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VMware", "product": "vCenter", "versions": [{"status": "affected", "version": "8.0", "lessThan": "8.0 U3g", "versionType": "custom"}, {"status": "affected", "version": "7.0", "lessThan": "7.0 U3w", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "VMware", "product": "Cloud Foundation", "versions": [{"status": "affected", "version": "9.x.x.x", "lessThan": "9.0.1.0", "versionType": "custom"}, {"status": "affected", "version": "5.x", "lessThan": "5.2.2", "versionType": "custom"}, {"status": "affected", "version": "4.5.x"}], "defaultStatus": "unaffected"}, {"vendor": "VMware", "product": "Telco Cloud Platform", "versions": [{"status": "affected", "version": "5.x, 4.x, 3.x, 2.x"}], "defaultStatus": "unaffected"}, {"vendor": "VMware", "product": "Telco Cloud Infrastructure", "versions": [{"status": "affected", "version": "3.x, 2.x"}], "defaultStatus": "unaffected"}, {"vendor": "VMware", "product": "vSphere Foundation", "versions": [{"status": "affected", "version": "9.x.x.x", "lessThan": "9.0.1.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-09-29T02:30:00.000Z", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "VMware vCenter contains an SMTP header injection vulnerability.\u00a0A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware vCenter contains an SMTP header injection vulnerability. </span>A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.<span style=\"background-color: rgb(255, 255, 255);\"><br><br></span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-09-29T17:54:27.048Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41250", "state": "PUBLISHED", "dateUpdated": "2025-09-29T18:00:34.478Z", "dateReserved": "2025-04-16T09:30:25.625Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2025-09-29T17:44:27.967Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}