Broadcom Patches Critical VMware Security Flaws

Summary
- Broadcom has released security updates for VMware NSX and vCenter to address multiple high-severity vulnerabilities that could lead to cyberattacks.
- The vulnerabilities, including CVE-2025-41250, CVE-2025-41251, and CVE-2025-41252, were reported by the NSA and independent researchers and affect products like VMware Cloud Foundation and Telco Cloud Platform.
- CVE-2025-41250 is an SMTP header injection bug in vCenter with a CVSS score of 8.5, allowing non-administrative users to modify email notifications and requiring immediate patching.
- CVE-2025-41251 and CVE-2025-41252 in VMware NSX enable unauthenticated attackers to enumerate valid usernames, which could support brute-force attacks.
- The NSA’s involvement suggests potential nation-state exploitation interest, but there is no public confirmation of in-the-wild exploitation, and administrators should update systems promptly.

Broadcom has rolled out significant security updates for its VMware NSX and vCenter products, targeting multiple high-severity vulnerabilities that could leave enterprise systems open to cyberattacks. These newly identified security gaps, which impact a range of widely used virtualization and cloud infrastructure platforms, require immediate attention from system administrators.
The vulnerabilities, assigned identifiers CVE-2025-41250, CVE-2025-41251, and CVE-2025-41252, were brought to light through reports from the US National Security Agency as well as independent security researchers. They affect several Broadcom offerings, including VMware Cloud Foundation, NSX-T, and the VMware Telco Cloud Platform.
One of the most serious issues is CVE-2025-41250, an SMTP header injection flaw discovered within vCenter. This vulnerability carries a CVSSv3 base score of 8.5 and enables attackers who already possess non-administrative access to alter the email notifications linked to scheduled tasks. Broadcom has stated that no viable workarounds exist for this flaw, making it essential for users to install the patched software versions without delay.
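The bug class named above, as an added example that is not from Broadcom, vCenter or the original article: a hypothetical notification builder in which a line break in a user-controlled field becomes an extra mail header, next to a hardened version that rejects it. The function names, the `example.invalid` addresses and the task name are constructed for illustration and say nothing about how the vCenter flaw itself is implemented.

```python
# Added illustration of SMTP header injection as a bug class; not vCenter code.
# All function names, addresses and the task name are hypothetical/constructed.
from email import policy
from email.message import EmailMessage
from email.parser import Parser

SENDER = "scheduler@example.invalid"
# Constructed input: a task name carrying CRLF followed by a new header line.
INJECTED_NAME = "nightly-backup\r\nBcc: observer@example.invalid"


def build_unsafe(task_name: str, recipient: str) -> str:
    """Vulnerable pattern: user-controlled text concatenated into raw headers."""
    return (
        f"From: {SENDER}\r\n"
        f"To: {recipient}\r\n"
        f"Subject: Scheduled task finished: {task_name}\r\n"
        "\r\n"
        "The task completed.\r\n"
    )


def build_safe(task_name: str, recipient: str) -> str:
    """Hardened pattern: refuse line breaks, then let the library emit headers."""
    for value in (task_name, recipient):
        if "\r" in value or "\n" in value:
            raise ValueError("line break in header value")
    msg = EmailMessage(policy=policy.SMTP)
    msg["From"] = SENDER
    msg["To"] = recipient
    msg["Subject"] = f"Scheduled task finished: {task_name}"
    msg.set_content("The task completed.")
    return msg.as_string()


def header_names(raw: str) -> list[str]:
    """Header names as a receiving mail parser would see them."""
    return Parser().parsestr(raw).keys()


if __name__ == "__main__":
    print(header_names(build_unsafe(INJECTED_NAME, "ops@example.invalid")))
    try:
        build_safe(INJECTED_NAME, "ops@example.invalid")
    except ValueError as exc:
        print("rejected:", exc)
```

In the unsafe build the parser reports a fourth header that the application never intended to send; the hardened build refuses the same input before any message is produced.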
Two additional vulnerabilities, CVE-2025-41251 and CVE-2025-41252, are present in VMware NSX and stem from authentication process weaknesses. Both permit unauthenticated attackers to enumerate valid usernames on a system. This type of information disclosure is often a critical first step that supports subsequent brute-force attacks or unauthorized login attempts.
Security experts point out that these vulnerabilities could be chained together to form a dangerous attack sequence. “Based on the information at hand, these vulnerabilities might be combined to create a viable attack path from unauthenticated reconnaissance to authenticated compromise,” explained Mayuresh Dani, a security research manager at Qualys Threat Research Unit. He further elaborated that once an attacker gains limited authenticated access, they could then leverage the vCenter SMTP header injection to potentially redirect sensitive communications and work toward escalating their system privileges.
All of these security flaws are rated High severity, with CVSS scores between 7.5 and 8.5. They affect a range of VMware infrastructure solutions widely deployed across both enterprise and telecommunications environments.
The confirmed impacted product is VMware NSX.
Jason Soroko, Senior Fellow at Sectigo, explained the risk associated with the NSX username enumeration bugs:
“The two NSX bugs allow unauthenticated users to confirm which usernames exist on a system. Even without direct code execution, these kinds of flaws are attractive building blocks that adversaries combine with weak or reused credentials to pivot deeper, which helps explain why an intelligence agency would flag them despite High, rather than Critical, ratings.”
In a related disclosure, Broadcom also addressed three additional vulnerabilities found in VMware Aria Operations and VMware Tools. Tracked as CVE-2025-41244, CVE-2025-41245, and CVE-2025-41246, these issues could allow attackers to:
- Escalate privileges to root level
- Steal credentials
- Gain access to guest virtual machines
The NSA’s involvement in reporting these flaws has raised concerns within the cybersecurity community. As researcher Dani noted:
“The last time the NSA reported VMware vulnerabilities was when Russian state-sponsored actors were actively exploiting them. This suggests the agency may have intelligence indicating potential exploitation interest from nation-state actors.”
Currently, there is no public evidence that these VMware vulnerabilities have been actively exploited in real-world attacks. However, given their potential severity, administrators are strongly urged to apply patches promptly. Fixed software versions and detailed remediation guidance are available through Broadcom’s official support portal.
(Source: Info Security)
