CVE-2025-41225

Name of the Vulnerable Software and Affected Versions vCenter Server (affected versions not specified)

Description An authenticated command-execution issue exists where a malicious actor with privileges to create or modify alarms and run script actions can execute arbitrary commands on the server. This occurs due to the failure to neutralize special elements used in operating system commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.