CVE-2025-41252

Name of the Vulnerable Software and Affected Versions VMware NSX versions 9.x.x.x VMware NSX versions 4.0.x through 4.2.x VMware NSX version 4.1.x NSX-T versions 3.x VMware Cloud Foundation (with NSX) versions 4.5.x and 5.x

Description VMware NSX contains a username enumeration issue. A remote, unauthenticated attacker may be able to enumerate valid usernames, which could lead to unauthorized access attempts. The National Security Agency reported this issue.

Recommendations VMware NSX version 9.0.1.0 VMware NSX versions 4.2.2.2 and 4.2.3.1 VMware NSX version 4.1.2.7 NSX-T version 3.2.4.3 VMware Cloud Foundation (with NSX) with CCF async patch (KB88287)