A denial of service vulnerability, identified as CVE-2025-41241, has been discovered within VMware vCenter.
Broadcom has evaluated this issue as having a moderate severity rating, with a CVSSv3 base score of 4.4. Although it is not rated high or critical, it could still cause significant operational disruption if left unpatched.
Denial of Service vulnerability (CVE-2025-41241)
To trigger this denial of service condition, an attacker must be an authenticated vCenter user with specific privileges: permission to perform API calls for guest OS customization. With that access, they could exploit the flaw to disrupt the availability of your vCenter services.
The fix for this vulnerability is already available. To resolve the CVE-2025-41241 vulnerability, apply the patches listed in the Fixed Version column of the Response Matrix.
VMware vCenter fixes
Applying this patch is strongly recommended to prevent any potential disruptions to your vCenter environment. Staying proactive with security updates is the best defense against these kinds of issues.
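Because the flaw requires an authenticated account with guest OS customization permission, it helps to know which accounts hold that permission while patches are being rolled out. The following is an added example, not code from Broadcom or from this page; it runs on constructed role and permission data, and the three privilege IDs are an assumption about which vSphere privileges cover guest OS customization.

```python
# Added example (not from the advisory): list principals whose vCenter role
# includes a guest OS customization privilege.
# Assumption: these vSphere privilege IDs gate guest OS customization API
# calls; the page does not name them, so confirm against your privilege list.
CUSTOMIZATION_PRIVS = frozenset({
    "VirtualMachine.Provisioning.Customize",
    "VirtualMachine.Provisioning.ModifyCustSpecs",
    "VirtualMachine.Provisioning.ReadCustSpecs",
})

# Constructed sample export of roles and permission assignments.
ROLES = [
    {"roleId": 101, "name": "VM Deployers", "privileges": [
        "VirtualMachine.Inventory.CreateFromExisting",
        "VirtualMachine.Provisioning.ReadCustSpecs",
        "VirtualMachine.Provisioning.Customize"]},
    {"roleId": 102, "name": "Viewers", "privileges": ["System.View", "System.Read"]},
    {"roleId": 103, "name": "Template Admins", "privileges": [
        "System.View", "VirtualMachine.Provisioning.ModifyCustSpecs"]},
]
PERMISSIONS = [
    {"principal": "EXAMPLE\\helpdesk", "group": True, "roleId": 102,
     "entity": "root folder", "propagate": True},
    {"principal": "EXAMPLE\\template-admins", "group": True, "roleId": 103,
     "entity": "Templates", "propagate": False},
    {"principal": "EXAMPLE\\svc-deploy", "group": False, "roleId": 101,
     "entity": "Datacenter-A", "propagate": True},
]

def exposed_principals(roles, permissions, privs=CUSTOMIZATION_PRIVS):
    """Return assignments that grant any privilege in `privs`, widest scope first."""
    risky = {}
    for role in roles:
        hits = sorted(privs.intersection(role.get("privileges", [])))
        if hits:
            risky[role["roleId"]] = (role["name"], hits)
    findings = []
    for perm in permissions:
        if perm["roleId"] in risky:
            name, hits = risky[perm["roleId"]]
            findings.append({**perm, "role": name, "privileges": hits})
    # Propagating assignments reach child objects, so list them first.
    findings.sort(key=lambda f: (not f["propagate"], f["principal"]))
    return findings

if __name__ == "__main__":
    for f in exposed_principals(ROLES, PERMISSIONS):
        kind = "group" if f["group"] else "user"
        print(f"{f['principal']} ({kind}) via {f['role']} on {f['entity']}: {f['privileges']}")
```

Group findings deserve a membership review, since every member of the group inherits the privilege.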











