{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-41251","assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","state":"PUBLISHED","assignerShortName":"vmware","dateReserved":"2025-04-16T09:30:25.625Z","datePublished":"2025-09-29T18:45:16.614Z","dateUpdated":"2026-02-26T17:47:50.851Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"NSX","vendor":"vmware","versions":[{"status":"affected","version":"VMware NSX - 9.x.x.x, 4.2.x, 4.1.x, 4.0.x","versionType":"custom"},{"status":"affected","version":"VMware NSX-T - 3.x","versionType":"custom"},{"status":"affected","version":"VMware Cloud Foundation (with NSX) - 5.x, 4.5.x","versionType":"custom"},{"status":"unaffected","version":"VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)","versionType":"custom"}]}],"datePublic":"2025-09-29T18:26:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.<br><b><br>Impact:</b>&nbsp;Username enumeration → credential brute force risk.<br><b>Attack Vector:</b>&nbsp;Remote, unauthenticated.<br><b>Severity:</b>&nbsp;Important.<br><b>CVSSv3:</b>&nbsp;8.1 (High).<br><b><br>Acknowledgments:</b>&nbsp;Reported by the National Security Agency.<br><br><b>Affected Products:</b><p>VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x</p>NSX-T 3.x<br>VMware Cloud Foundation (with NSX) 5.x, 4.5.x<br><br><b>Fixed Versions:</b> NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).<br><b>Workarounds:</b> None.<br><ul>\n</ul>\n<br><br><br><br>"}],"value":"VMware NSX contains a weak password recovery mechanism vulnerability. 
An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\n\nImpact: Username enumeration → credential brute force risk.\nAttack Vector: Remote, unauthenticated.\nSeverity: Important.\nCVSSv3: 8.1 (High).\n\nAcknowledgments: Reported by the National Security Agency.\n\nAffected Products: VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\n\nNSX-T 3.x\nVMware Cloud Foundation (with NSX) 5.x, 4.5.x\n\nFixed Versions: NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\nWorkarounds: None."}],"impacts":[{"capecId":"CAPEC-50","descriptions":[{"lang":"en","value":"CAPEC-50 Password Recovery Exploitation"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-640","description":"CWE-640 Weak Password Recovery Mechanism for Forgotten Password","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware","dateUpdated":"2025-09-29T18:45:16.614Z"},"references":[{"url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"}],"source":{"discovery":"UNKNOWN"},"title":"Weak password recovery vulnerability","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-41251","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-09-30T03:55:13.799400Z"}}}],"title":"CISA ADP 
Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:47:50.851Z"}}]}}