Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts.
Impact: Username enumeration → facilitates unauthorized access.
Attack Vector: Remote, unauthenticated.
Severity: Important.
CVSSv3: 7.5 (High).
Acknowledgments: Reported by the National Security Agency.
Affected Products:
* VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x
* NSX-T 3.x
* VMware Cloud Foundation (with NSX) 5.x, 4.5.x
Fixed Versions:
* NSX 9.0.1.0, 4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 , 4.1.2.7, NSX-T 3.2.4.3, CCF async patch (KB88287).
Workarounds: None.
Published: 2025-09-29
CVSS: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Download Exploit for CVE-2025-41252 here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
https://augustaverburg.nl/exploit-747-cve-2023-20187/
https://augustaverburg.nl/exploit-407-cve-2011-0609/
https://augustaverburg.nl/exploit-656-cve-2018-8653/