

Building a Robust Incident Response Plan: Best Practices for MSSPs
October 1, 2025
ICS: Hitachi Energy Asset Suite Vulnerability
October 1, 2025
Severity
High
Analysis Summary
VMware has disclosed three security vulnerabilities in its vCenter Server and NSX platforms that pose serious risks to enterprise and telco environments. Tracked as CVE-2025-41250, CVE-2025-41251, and CVE-2025-41252, the flaws affect multiple VMware products, including Cloud Foundation, vSphere Foundation, NSX, NSX-T, and Telco Cloud. All three carry CVSS base scores in the High range and were rated "Important" by Broadcom, VMware's parent company. Two of the flaws were reported by the National Security Agency (NSA), which underlines their potential implications for both enterprise and national security given VMware's central role in virtualization and networking infrastructure.
The most severe issue, CVE-2025-41250, is an SMTP header injection vulnerability in vCenter Server with a High CVSS base score. Exploitation requires an authenticated account with permission to create scheduled tasks; an attacker who controls the content of such a task can manipulate the notification emails vCenter sends for it. Header injection of this kind works because attacker-supplied text reaches the message header block without line breaks being stripped, so a value containing a carriage return and line feed terminates the intended header and appends new ones. That lets the attacker redirect task notifications, inject malicious content, or bypass email security controls, with credential theft, social engineering, or unauthorized disclosure of sensitive information as plausible outcomes. The vulnerability affects vCenter Server 7.0, 8.0, and 9.x, along with VMware Cloud Foundation, vSphere Foundation, Telco Cloud Platform (2.x–5.x), and Telco Cloud Infrastructure (2.x–3.x). Broadcom has confirmed that no workarounds exist, so patching is the only fix.
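The mechanism described above, as an added example that is not vCenter code: a hypothetical notification mailer that interpolates a user-supplied task name straight into the raw header block, beside a hardened builder that rejects control characters and delegates header construction to Python's email library. The task name, addresses and message layout are constructed for illustration.

```python
"""
Added example (not VMware code): SMTP header injection in a notification
mailer. The task name, addresses and message layout are hypothetical.
"""
import re
from email.message import EmailMessage
from email.policy import SMTP

# Constructed input: a task name supplied by a low-privileged user who is
# allowed to create scheduled tasks. The CR/LF pairs end the Subject header
# and smuggle in a Bcc header plus an arbitrary extra header.
MALICIOUS_TASK_NAME = "Nightly backup\r\nBcc: attacker@example.net\r\nX-Injected: 1"
BENIGN_TASK_NAME = "Nightly backup"
SENDER = "vcenter-noreply@example.com"


def build_notification_vulnerable(task_name: str, to_addr: str) -> str:
    """Raw RFC 5322 message assembled by string concatenation, no validation."""
    headers = (
        f"From: {SENDER}\r\n"
        f"To: {to_addr}\r\n"
        f"Subject: Scheduled task '{task_name}' completed\r\n"
    )
    body = f"Task '{task_name}' finished.\r\n"
    return headers + "\r\n" + body


_CONTROL_CHARS = re.compile(r"[\r\n\x00]")


class HeaderInjectionError(ValueError):
    """Raised when user input would break out of a single header field."""


def is_task_name_safe(task_name: str) -> bool:
    """True when the value contains no CR, LF or NUL, so it stays one header."""
    return _CONTROL_CHARS.search(task_name) is None


def build_notification_hardened(task_name: str, to_addr: str) -> str:
    """Rejects control characters up front, then lets the email library build
    the headers. EmailMessage's policy also refuses multi-line header values,
    so the explicit check is the first of two independent defenses."""
    if not is_task_name_safe(task_name):
        raise HeaderInjectionError("task name contains header control characters")
    msg = EmailMessage(policy=SMTP)
    msg["From"] = SENDER
    msg["To"] = to_addr
    msg["Subject"] = f"Scheduled task '{task_name}' completed"
    msg.set_content(f"Task '{task_name}' finished.")
    return msg.as_string()


def hardened_rejects(task_name: str) -> bool:
    """Does the hardened builder refuse this task name?"""
    try:
        build_notification_hardened(task_name, "admin@example.com")
    except HeaderInjectionError:
        return True
    return False


def parse_headers(raw: str) -> dict:
    """What the relay sees: lower-cased header names mapped to their values,
    taken from everything before the first blank line."""
    head = raw.split("\r\n\r\n", 1)[0]
    parsed: dict = {}
    for line in head.split("\r\n"):
        name, _, value = line.partition(":")
        parsed.setdefault(name.strip().lower(), []).append(value.strip())
    return parsed


if __name__ == "__main__":
    leaked = parse_headers(build_notification_vulnerable(MALICIOUS_TASK_NAME, "admin@example.com"))
    print("vulnerable builder, headers seen by the relay:", leaked)
    print("hardened builder rejects malicious name:", hardened_rejects(MALICIOUS_TASK_NAME))
    print(build_notification_hardened(BENIGN_TASK_NAME, "admin@example.com"))
```

The vulnerable builder yields a message with a Bcc to the attacker, which is exactly the "redirect task notifications" outcome in the advisory; the hardened builder raises before any message is assembled. Rejecting the input is preferable to silently stripping CR/LF, because a task name that needed line breaks was never legitimate.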
The other two vulnerabilities, CVE-2025-41251 and CVE-2025-41252, affect VMware NSX and both allow username enumeration. CVE-2025-41251 stems from a weak password recovery mechanism, while CVE-2025-41252 lets an unauthenticated attacker distinguish valid usernames directly. Neither grants access on its own; their value is reconnaissance: an attacker learns which accounts exist and then targets them with brute-force, password-spraying, or credential-stuffing attacks. Enumeration of this kind relies on observable differences in how valid and invalid usernames are handled, such as distinct error messages, response times, or other behavioral differences. The vulnerabilities affect NSX 4.0.x through 4.2.x, NSX-T 3.x, and the NSX components within Cloud Foundation and Telco Cloud platforms.
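The two enumeration oracles named above (message differences and timing differences), modelled as an added example that is not NSX code: a toy login handler and a toy password-recovery handler that leak, beside hardened versions that return one message and do the same amount of work regardless of whether the account exists. The user store, usernames, password and hashing parameters are hypothetical.

```python
"""
Added example (not VMware/NSX code): username enumeration through a login
and a password-recovery endpoint, and the hardened counterparts.
"""
import hashlib
import hmac
import os
import time


def _hash(password: str, salt: bytes) -> bytes:
    # Deliberately slow KDF so that skipping it for unknown users is measurable.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: username -> (salt, password hash). Hypothetical.
_SALT = os.urandom(16)
USERS = {"admin": (_SALT, _hash("correct horse battery", _SALT))}


def login_vulnerable(username: str, password: str) -> str:
    """Leaks twice: a distinct message for unknown users, and a fast path
    that never runs the KDF, so timing alone reveals valid accounts."""
    if username not in USERS:
        return "Unknown user"
    salt, digest = USERS[username]
    if hmac.compare_digest(_hash(password, salt), digest):
        return "OK"
    return "Invalid password"


# A dummy credential so that unknown users cost the same KDF work as real ones.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("placeholder", _DUMMY_SALT)


def login_hardened(username: str, password: str) -> str:
    """Same message and the same KDF call whether or not the user exists."""
    salt, digest = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    match = hmac.compare_digest(_hash(password, salt), digest)
    if match and username in USERS:
        return "OK"
    return "Invalid username or password"


def recover_vulnerable(username: str) -> str:
    """Password-recovery endpoint that confirms whether an account exists."""
    if username in USERS:
        return "A reset link has been sent"
    return "No account with that username"


def recover_hardened(username: str) -> str:
    """Identical response for every input; the reset mail, if any, goes out
    of band so the HTTP reply carries no account information."""
    return "If that account exists, a reset link has been sent"


def enumerate_usernames(probe, candidates) -> set:
    """Attacker's view: any candidate whose response differs from the response
    for a control name that certainly does not exist is a valid account."""
    control = probe("no-such-user-" + os.urandom(4).hex())
    return {c for c in candidates if probe(c) != control}


def timing_gap(login, existing: str, missing: str, password: str) -> tuple:
    """Seconds spent on a valid versus an invalid username (demo only)."""
    t0 = time.perf_counter(); login(existing, password); t1 = time.perf_counter()
    login(missing, password); t2 = time.perf_counter()
    return (t1 - t0, t2 - t1)


if __name__ == "__main__":
    wordlist = ["admin", "root", "svc-backup", "operator"]
    print("leaky login:   ", enumerate_usernames(lambda u: login_vulnerable(u, "x"), wordlist))
    print("hardened login:", enumerate_usernames(lambda u: login_hardened(u, "x"), wordlist))
    print("leaky recovery:", enumerate_usernames(recover_vulnerable, wordlist))
    print("timing, leaky  (valid, invalid):", timing_gap(login_vulnerable, "admin", "root", "x"))
    print("timing, hardened (valid, invalid):", timing_gap(login_hardened, "admin", "root", "x"))
```

The attacker function needs no knowledge of the application; it only compares each response with the response for a name that cannot exist, which is why a uniform message and uniform work per request are the fix rather than a prettier error string.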
To mitigate these risks, Broadcom has released patched versions for affected platforms, including NSX 4.2.2.2, 4.2.3.1, 4.1.2.7, and NSX-T 3.2.4.3. VMware Cloud Foundation users should follow asynchronous patching procedures in KB88287, while Telco Cloud Platform and Infrastructure users should consult KB411518 for update guidance. The NSA’s involvement in reporting underscores the strategic importance of securing VMware environments, as attackers could leverage these flaws for espionage or large-scale cyber campaigns. Organizations are strongly advised to prioritize patch deployment to prevent reconnaissance, email manipulation, and credential-based attacks that could compromise virtualized infrastructure at scale.
Impact
- Sensitive Credential Theft
- Gain Access
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-41250
CVE-2025-41251
CVE-2025-41252
Remediation
- Apply security patches immediately: upgrade vCenter Server to the fixed versions released by Broadcom, update NSX platforms to patched versions (NSX 4.2.2.2, 4.2.3.1, 4.1.2.7, NSX-T 3.2.4.3), follow VMware Cloud Foundation patching procedures (KB88287), and apply Telco Cloud Platform and Infrastructure patches as per KB411518.
- Limit scheduled-task creation permissions in vCenter Server to trusted administrative accounts only, and regularly review and audit user privileges. This narrows the set of accounts able to exploit CVE-2025-41250 but is not a substitute for the patch, since Broadcom lists no workaround.
- Enforce strong password policies and multi-factor authentication (MFA) to mitigate the impact of username enumeration attacks, and monitor for abnormal login attempts that may indicate brute-force or credential-stuffing campaigns.
- Review the SMTP relay that vCenter uses for notifications: restrict the sender addresses and recipient domains it accepts from vCenter, and filter and monitor outbound notification mail for unexpected recipients or headers that would indicate manipulated notifications.
- Monitor system logs, authentication attempts, and task creation activity for anomalous behavior, and deploy intrusion detection/prevention systems (IDS/IPS) to detect reconnaissance and enumeration attempts.
- Establish alerting for unusual account activity and privilege escalation attempts, and ensure that incident response teams are aware of these vulnerabilities and prepared to act quickly if suspicious activity is detected.
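The monitoring the last three points call for, as an added example that is not vendor code: detection logic that runs over authentication events and flags the two patterns that follow username enumeration, one source failing against many distinct usernames (enumeration or password spraying) and one source failing repeatedly against a single account (brute force). The log format, hostnames, addresses and thresholds are constructed for illustration; adapt the regular expression to the normalised authentication events in your SIEM.

```python
"""
Added example (not VMware/NSX code): sliding-window detection of username
enumeration / password spraying and brute force from auth log lines.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical log line shape: "<ts> <host> auth: login failed|ok user=<u> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: login (?P<result>failed|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log: 203.0.113.5 walks a username list, 198.51.100.7
# hammers one account, 192.0.2.9 is a user who mistyped once, plus a line
# the parser must tolerate.
SAMPLE_LINES = [
    "2025-10-01T08:00:01Z nsx-mgr auth: login failed user=admin src=203.0.113.5",
    "2025-10-01T08:00:02Z nsx-mgr auth: login failed user=audit src=203.0.113.5",
    "2025-10-01T08:00:03Z nsx-mgr auth: login failed user=enterprise_admin src=203.0.113.5",
    "2025-10-01T08:00:04Z nsx-mgr auth: login failed user=svc-backup src=203.0.113.5",
    "2025-10-01T08:00:05Z nsx-mgr auth: login failed user=operator src=203.0.113.5",
    "2025-10-01T08:00:06Z nsx-mgr auth: login failed user=root src=203.0.113.5",
    "2025-10-01T08:03:10Z nsx-mgr auth: login failed user=jdoe src=192.0.2.9",
    "2025-10-01T08:03:25Z nsx-mgr auth: login ok user=jdoe src=192.0.2.9",
    "garbage line that does not match the expected format",
] + [
    f"2025-10-01T08:10:{i:02d}Z nsx-mgr auth: login failed user=admin src=198.51.100.7"
    for i in range(12)
]


def parse(lines) -> list:
    """Turn matching lines into event dicts with a datetime; skip the rest."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def detect(events, window=timedelta(minutes=5), distinct_users=5, single_user_fails=10) -> list:
    """Per source address, slide a time window over its failed logins and
    raise at most one alert of each kind when a threshold is crossed.
    Returns (kind, source, count) tuples."""
    alerts = []
    fails_by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["result"] == "failed":
            fails_by_src[e["src"]].append(e)
    for src, evs in fails_by_src.items():
        start = 0
        flagged_enum = flagged_bf = False
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            users = {x["user"] for x in win}
            if not flagged_enum and len(users) >= distinct_users:
                alerts.append(("username_enumeration", src, len(users)))
                flagged_enum = True
            busiest = max(sum(1 for x in win if x["user"] == u) for u in users)
            if not flagged_bf and busiest >= single_user_fails:
                alerts.append(("brute_force", src, busiest))
                flagged_bf = True
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LINES)):
        print(alert)
```

The thresholds are the tunable part: a source that fails against five distinct accounts within five minutes is rarely a typo, and with the patch applied the enumeration endpoints stop answering differently, but the same logic still catches spraying against names learned elsewhere.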