
Advisory ID: | VMSA-2025-0014
---|---
Advisory Severity: | Moderate
CVSSv3 Range: | 4.4
Synopsis: | VMware vCenter updates address a denial-of-service vulnerability (CVE-2025-41241)
Issue date: | 2025-07-29
Updated on: | 2025-07-29 (Initial Advisory)
CVE(s) | CVE-2025-41241

1. Impacted Products

- VMware Cloud Foundation
- VMware vCenter Server
- VMware Telco Cloud Platform
- VMware Telco Cloud Infrastructure

2. Introduction

A denial-of-service vulnerability in VMware vCenter was privately reported to Broadcom. Updates are available to remediate this vulnerability in affected Broadcom products.

3. vCenter denial-of-service vulnerability (CVE-2025-41241)

Description: VMware vCenter contains a denial-of-service vulnerability. Broadcom has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.

Known Attack Vectors: A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition.

Resolution: To remediate CVE-2025-41241 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds: None

Additional Documentation: None

Acknowledgments: Broadcom would like to thank Orange-CERT-CC and Orange ops teams for reporting this issue to us.

Notes: None.

Response Matrix:

VMware Product | Component | Version | Running On | CVE | CVSSv3 | Severity | Fixed…
VMSA-2025-0014: VMware vCenter updates address a denial-of-service vulnerability (CVE-2025-41241)

