CVE-2025-41252

CWE-2034 documents4 sources
Severity
7.5HIGH
EPSS
0.1%
top 80.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware NSX
Timeline
PublishedSep 29

Description

Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts. Impact: Username enumeration → facilitates unauthorized access. Attack Vector: Remote, unauthenticated. Severity: Important. CVSSv3: 7.5 (High). Acknowledgments: Reported by the National Security Agency. Affected Products: * VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x * NSX-T 3.x *

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

CVEListV5vmware/nsxVMware Cloud Foundation (with NSX) 5.x, 4.5.x, VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x, VMware NSX-T 3.x+2

🔴Vulnerability Details

2
GHSA
GHSA-2gr4-4mrg-85rh: Description: VMware NSX contains a username enumeration vulnerability2025-09-29
CVEList
Username enumeration vulnerability2025-09-29
CVE-2025-41252 (HIGH CVSS 7.5) | Description: VMware NSX contains a | cvebase.io