CVE-2025-41225
HIGH
VMware vCenter Server 7.0-7.0 U3v, 8.0-8.0 U3e - Authenticated OS Command Injection via Alarm Script Action
Title source: llmDescription
vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script actions may exploit this issue to run arbitrary commands on the vCenter Server.
References (1)
Scores
CVSS v3
8.8
EPSS
0.0010
EPSS Percentile
26.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (5)
VMware/Cloud Foundation
5.x, 4.5.x
VMware/Telco Cloud Infrastructure
3.x, 2.x
VMware/Telco Cloud Platform
5.x, 4.x, 3.x, 2.x
VMware/vCenter Server
7.0 - 7.0 U3v
VMware/vCenter Server
8.0 - 8.0 U3e
Published
May 20, 2025
Tracked Since
Feb 18, 2026