CVE-2025-41225

High CVSS: 8.8

The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server.

Vendor

Product

CWE

CWE-78

Yayın Tarihi

2025-05-20 15:16:07

Güncelleme

2025-05-21 20:25:16

Source Identifier

security@vmware.com

KEV Date Added

Kategoriler

CWE-78 HIGH 2025

Referanslar

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717