CVE-2025-41231
published 2025-05-20CVE-2025-41231: VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to…
high7.3CVSS 3.1
AVLACLPRNUINSUCHILAL
VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | cloud_foundation | >= 4.5 < 4.5.2 | 4.5.2 |
| vmware | cloud_foundation | >= 5.0 < 5.2.1.2 | 5.2.1.2 |