CVE-2025-41250

Name of the Vulnerable Software and Affected Versions VMware vCenter (affected versions not specified)

Description VMware vCenter contains an SMTP header injection vulnerability. An attacker with non-administrative privileges on vCenter, who has permission to create scheduled tasks, may be able to manipulate the notification emails sent for scheduled tasks. This allows for the crafting of malicious email notifications.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.