CVE-2025-41250

Published Sep 29, 2025

Last updated 5 months ago

CVSS high 8.5
SMTP

Overview

Description
VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.
Source
security@vmware.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.5
Impact score
4.7
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
Severity
HIGH

Weaknesses

security@vmware.com
CWE-77

Social media

Hype score
Not currently trending

  1. CVE-2025-41250 (CVSS:8.5, HIGH) is Awaiting Analysis. VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on ..https://t.co/mRPxq6pUma #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    4 Oct 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. VMware has patched 3 critical flaws (CVE-2025-41250/51/52) in vCenter & NSX. Bugs allow SMTP injection & username leaks, enabling credential theft and access risks. NSA flagged 2 issues. Patch now to secure infra: https://t.co/4Z2vJpOqNf #infosec #CybersecurityNews #vul

    @rewterz

    2 Oct 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Broadcom lanzó el boletín VMSA-2025-0016 corrigiendo tres vulnerabilidades críticas en VMware vCenter y NSX/NSX-T (CVSS 7.5–8.6): CVE-2025-41250 permite inyección de encabezados SMTP en vCenter, CVE-2025-41251 facilita la recuperación de contraseñas y enumeración de usua

    @tpx_Security

    1 Oct 2025

    94 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️Múltiples vulnerabilidades en productos VMware ❗CVE-2025-41250 ❗CVE-2025-41251 ❗CVE-2025-41246 ➡️Más info: https://t.co/fat5rhuItN https://t.co/eioXumJBwL

    @CERTpy

    30 Sept 2025

    141 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨🚨VMware vCenter and NSX Vulnerabilities CVE-2025-41250 (CVSS 8.5): vCenter SMTP Header Injection. Non-admins with task creation rights can alter notification emails. CVE-2025-41251 (CVSS 8.1): NSX Weak Password Recovery. Unauthenticated attackers can enumerate usernames fo

    @zoomeye_team

    30 Sept 2025

    1899 Impressions

    6 Retweets

    19 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨🚨VMware vCenter and NSX Vulnerabilities CVE-2025-41250 (CVSS 8.5): vCenter SMTP Header Injection. Non-admins with task creation rights can alter notification emails. CVE-2025-41251 (CVSS 8.1): NSX Weak Password Recovery. Unauthenticated attackers can enumerate usernames fo

    @zoomeye_team

    30 Sept 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. [CVE-2025-41250: HIGH] VMware vCenter vulnerability allows non-admin actors to manipulate notification emails for scheduled tasks due to SMTP header injection flaw. #CyberSecurity#cve,CVE-2025-41250,#cybersecurity https://t.co/wngwNLL2RT https://t.co/L23X9dbdtu

    @CveFindCom

    29 Sept 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-41250 VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled… https://t.co/PBipGSz89p

    @CVEnew

    29 Sept 2025

    277 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.CVE-2026-26093
  2. SmarterTools SmarterMail Missing Authentication for Critical Function VulnerabilityCVE-2026-24423
  3. Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate `RCPT TO` and `MAIL FROM` addresses. An attacker can inject arbitrary SMTP headers (or corrupt existing ones) by including carriage return characters (`\r`) in the email address. This header injection occurs because the regex intended to filter control characters fails to exclude `\r` and `\n` when used inside a character class. Version 1.28.3 fixes this issue.CVE-2026-23829
  4. The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the __construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated attackers to read arbitrary logged emails sent through the Post SMTP plugin, including password reset emails containing password reset links, which can lead to account takeover.CVE-2025-11833
  5. Libraesva Email Security Gateway Command Injection VulnerabilityCVE-2025-59689

References

Sources include official advisories and independent security research.