CVE-2025-41250 · HIGH 8.5 · EPSS p45.1%

Description

VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.

Scoring

CVSS 3.1: 8.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
EPSS: 0.62% probability of exploitation · percentile 45.1% · 2026-06-19T12:03:05Z
Published: 2025-09-29
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-77

References

  1. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Neutralization of Special Elements used in a Command ('Command Injection') (cwe-77) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-41225
  2. CVE: VMware vCenter Server Remote Code Execution Vulnerability
  3. CVE: VMware vCenter Server Information Disclosure Vulnerability
  4. CVE: VMware vCenter Server Privilege Escalation Vulnerability
  5. CVE: VMware vCenter Server Incorrect Default File Permissions Vulnerability
  6. CVE: VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.