Security Advisory

CVE-2025-41250

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-29 17:44:27

Last updated 2026-02-26 17:47:51

Assigner vmware

State PUBLISHED

Description

VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.

← Browse all CVEs View on cve.org ↗