{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-41252","assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","state":"PUBLISHED","assignerShortName":"vmware","dateReserved":"2025-04-16T09:30:25.625Z","datePublished":"2025-09-29T19:02:07.283Z","dateUpdated":"2025-09-29T19:14:38.914Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"NSX","vendor":"VMware","versions":[{"status":"affected","version":"VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x","versionType":"custom"},{"status":"affected","version":"VMware NSX-T 3.x","versionType":"custom"},{"status":"affected","version":"VMware Cloud Foundation (with NSX) 5.x, 4.5.x"},{"status":"unaffected","version":"VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p><b></b></p><p>Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.</p>\n<p>Impact: Username enumeration → facilitates unauthorized access.</p>\n<p>Attack Vector: Remote, unauthenticated.</p>\n<p>Severity: Important.</p>\n<p>CVSSv3: 7.5 (High).</p>\n<p>Acknowledgments: Reported by the National Security Agency.</p>\n<p>Affected Products:</p><p></p><ul><li>VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x<br></li><li>NSX-T 3.x<br></li><li>VMware Cloud Foundation (with NSX) 5.x, 4.5.x<br></li></ul><p></p>\n\n\n<p><br></p>\n<p>Fixed Versions:&nbsp;</p><p></p><ul><li>NSX 9.0.1.0; <a target=\"_blank\" rel=\"nofollow\" href=\"http://4.2.2.2/4.2.3.1\">4.2.2.2/4.2.3.1</a>; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).<br></li></ul><p></p>\n<p>Workarounds: None.</p><br>"}],"value":"Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.\n\n\nImpact: Username enumeration → facilitates unauthorized access.\n\n\nAttack Vector: Remote, unauthenticated.\n\n\nSeverity: Important.\n\n\nCVSSv3: 7.5 (High).\n\n\nAcknowledgments: Reported by the National Security Agency.\n\n\nAffected Products:\n\n\n\n  *  VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\n\n  *  NSX-T 3.x\n\n  *  VMware Cloud Foundation (with NSX) 5.x, 4.5.x\n\n\n\n\n\n\n\n\n\n\n\n\nFixed Versions: \n\n\n\n  *  NSX 9.0.1.0;  4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\n\n\n\n\n\n\nWorkarounds: None."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-203","description":"CWE-203 Observable Discrepancy","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware","dateUpdated":"2025-09-29T19:02:07.283Z"},"references":[{"url":"https://https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"}],"source":{"discovery":"UNKNOWN"},"title":"Username enumeration vulnerability","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-29T19:14:25.259914Z","id":"CVE-2025-41252","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-29T19:14:38.914Z"}}]}}