Full Report
Broadcom has released security updates to patch two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency (NSA). [...]
Analysis Summary
The provided article describes several vulnerabilities fixed by Broadcom in VMware products, stemming from reports by the NSA and others. The summary below focuses on the **VMware NSX vulnerabilities** reported by the NSA, as they are the primary subject of the initial paragraph, and includes the related vCenter vulnerability noted in the same advisory context.
# Vulnerability: VMware NSX Username Enumeration Flaws (NSA Reported)
## CVE Details
- CVE ID: CVE-2025-41251, CVE-2025-41252 (Note: CVE-2025-41250 is also mentioned for vCenter in the same context)
- CVSS Score: High severity (Specific score not provided, but explicitly stated as "high-severity")
- CWE: [Not explicitly stated, but related to authentication/password recovery mechanisms]
## Affected Systems
- Products: VMware NSX (Networking virtualization solution within VMware Cloud Foundation)
- Versions: [Specific vulnerable versions not provided in text]
- Configurations: Relevant to password recovery mechanism for CVE-2025-41251.
## Vulnerability Description
**CVE-2025-41251:** A weakness in the password recovery mechanism allows unauthenticated attackers to enumerate valid usernames.
**CVE-2025-41252:** A username enumeration vulnerability that allows unauthenticated threat actors to discover valid usernames, which facilitates subsequent unauthorized access attempts.
*(Context Note: The article also mentions **CVE-2025-41250** in VMware vCenter, which allows attackers with non-admin privileges able to create scheduled tasks to manipulate the notification emails sent for those tasks.)*
## Exploitation
- Status: Information on exploitation status is not provided, only that they were reported by the NSA. Assumed likely non-publicly exploited or fixed immediately upon discovery by the NSA.
- Complexity: Low/Medium (Implied, as they are exploitable by unauthenticated attackers for enumeration)
- Attack Vector: Network (Implied, as they relate to remote services/mechanisms)
## Impact
- Confidentiality: Potential for loss if enumeration leads to successful brute-forcing/access.
- Integrity: Potential impact from subsequent unauthorized access.
- Availability: Not the primary initial impact, but could lead to denial of service via account lockouts during brute-forcing.
## Remediation
### Patches
- Broadcom has released security updates addressing these flaws in VMware NSX.
- Specific patched versions are not listed in the text.
### Workarounds
- [No specific workarounds were detailed in the provided text.]
## Detection
- [Specific Indicators of Compromise (IOCs) were not detailed.]
- Detection should involve monitoring authentication logs for high volumes of failed login attempts or unusual requests targeting password recovery endpoints immediately following the patch release.
## References
- Vendor Advisory: Broadcom Security Advisory (published Monday, September 29, 2025, based on article date)
- Relevant links: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150 (Defanged, but this is the advisory link cited)