Published on: July 29, 2025
Advisory ID: VMSA-2025-0014
Severity: Moderate (CVSS Score 4.4)
Products Affected: VMware vCenter Server, Cloud Foundation, Telco Cloud Platform and Infrastructure

Introduction

Broadcom has released a new security advisory—VMSA-2025-0014  to address denial-of-service (DoS) vulnerability affecting VMware vCenter Server. This vulnerability, tracked as CVE-2025-41241.

The flaw has been classified as moderate severity, with CVSSv3 base score of 4.4, and it affects several VMware products, including vCenter Server, VMware Cloud Foundation and Telco Cloud Infrastructure. There are no workarounds available, so patching is the only resolution.

What is CVE-2025-41241?

CVE-2025-41241 is denial-of-service vulnerability in VMware vCenter Server. It allows an authenticated user with the ability to perform specific API calls related to guest OS customization to potentially trigger a DoS condition, causing service disruption.

While the exploit requires authenticated access and elevated privileges, it still poses a risk in enterprise environments where internal threat actors or misconfigured permissions could be exploited.

How Does this Vulnerability Work?

According to the official advisory, an attacker who is authenticated to vCenter and has permissions to run guest OS customization APIs can maliciously craft an API call that leads to system instability or service unavailability.

Although the vulnerability does not allow for remote code execution or data breaches, it can disrupt services, making it especially dangerous in production or multi-tenant environments.

Affected VMware Products

Following are the impacted products and versions:

• VMware vCenter Server 8.0 – Patched in 8.0 U3g
• VMware vCenter Server 7.0 – Patched in 7.0 U3v
• VMware Cloud Foundation 5.x – Patch to 8.0 U3g (Async patching)
• VMware Cloud Foundation 4.5.x – Patch to 7.0 U3v (Async patching)
• VMware Telco Cloud Platform 5.x, 2.x
• VMware Telco Cloud Infrastructure 2.x

Note: VMware vCenter 9.0.0.0 is unaffected by this vulnerability.

Resolution & Patching

Since there are no workarounds available, Broadcom strongly recommends applying the relevant patches as mentioned below:

Fixed Versions

You can access patch downloads and release notes from the official Broadcom support portal.

vCenter 8.0 U3g Patch
vCenter 7.0 U3v Patch
Async Patching Guide for Cloud Foundation

Severity and CVSS Score

• CVSSv3 Base Score: 4.4
• Attack Vector: Network
• Attack Complexity: High
• Privileges Required: High
• User Interaction: None
• Impact (Availability): High

You can analyze the CVSS score using FIRST CVSSv3 Calculator .

While this is not a critical or high-severity issue, service availability in critical infrastructure environments is often mission-critical, hence timely patching is advised.

Best Practices & Recommendations

what you should do if you’re using any of the affected VMware products ?

Immediately patch by Applying the fixed version or async patches as per your environment.

Review User Permissions to Ensure that only authorized users have access to API calls that allow guest customization.

Check Audit Access Logs if any abnormal API usage has occurred recently.

Use monitoring tools to detect service degradation or suspicious activity.

Additional References

CVE Record – CVE-2025-41241
VMware External Vulnerability Response Policy

Conclusion

While CVE-2025-41241 is not the worst vulnerability in VMware, it serves as a reminder that even trusted internal features like API access can pose risks. If you are running vCenter 7.0 or 8.0, or managing infrastructure through VMware Cloud Foundation or Telco Cloud, act now by applying the necessary patches.

Quick fixes not only keep your environment safe from service disruptions but also improve your environment overall security.

Stay Safe, Stay updated!

Explore more relevant articles Here 

Dive into more Posts at vlookuphu