CVE-2025-41225
published 2025-05-20CVE-2025-41225: The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script…
high8.8CVSS 3.1
AVLACLPRLUINSCCHIHAH
The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | cloud_foundation | — | — |
| vmware | telco_cloud_infrastructure | — | — |
| vmware | telco_cloud_platform | — | — |
| vmware | vcenter_server | >= 7.0 < 7.0 U3v | 7.0 U3v |
| vmware | vcenter_server | >= 8.0 < 8.0 U3e | 8.0 U3e |