Summary
Vulnerability Name | VMware vCenter Server Authenticated Command-Execution Vulnerability (CVE-2025-41225) |
---|---|
Released on | May 21, 2025 |
Affected Component | VMware vCenter |
Affected Version | vCenter Server 7.0 < 7.0 U3v; vCenter Server 8.0 < 8.0 U3e |
Vulnerability Type | Command execution |
Exploitation Condition | Authenticated access with privileges to create or modify alarms and run scripts |
Impact | Exploitation difficulty: easy. Attackers holding the required privileges can exploit this vulnerability to execute arbitrary commands. Severity: high-risk. This vulnerability may lead to arbitrary command execution on the vCenter Server. |
Official Solution | Available |
About the Vulnerability
Component Introduction
VMware vCenter is advanced server management software that provides a centralized platform for controlling vSphere environments, giving visibility across hybrid clouds.
Vulnerability Description
On May 21, 2025, Sangfor FarSight Labs received notification of an authenticated command-execution vulnerability in VMware vCenter (CVE-2025-41225), classified as high-risk. VMware vCenter Server contains a command execution vulnerability: an attacker who holds privileges to create or modify alarms and run scripts can exploit it to run arbitrary commands on the vCenter Server, leading to compromise of the server.
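Because exploitation hinges on who may create or edit alarms and which alarms already run scripts, a defender will want to inventory both before and after patching. The PowerCLI script below is an added example written for this advisory, not code from Sangfor or Broadcom; it assumes VMware PowerCLI is installed, that the connecting account can read roles, permissions and alarm definitions, and that the vSphere API exposes script actions as RunScriptAction objects nested in each alarm's action list (cmdlet and property names are as the author understands current PowerCLI; confirm them against your version).

```powershell
# Added example (not from the advisory): audit a vCenter for the two things CVE-2025-41225
# depends on: who holds alarm create/edit privileges, and which alarms already run scripts.
# Assumptions: VMware PowerCLI is installed; the account can read roles, permissions and alarms;
# the vSphere API object shape (GroupAlarmAction -> AlarmTriggeringAction -> RunScriptAction) holds.
param(
    [Parameter(Mandatory)][string]$Server
)
Connect-VIServer -Server $Server | Out-Null

# The advisory names 7.0 U3v and 8.0 U3e as the fixed releases; record what this server runs.
$vc = $global:DefaultVIServer
Write-Host "vCenter $($vc.Name): version $($vc.Version) build $($vc.Build)"

# 1. Roles that grant alarm creation or modification (the privilege the advisory names).
$alarmPrivs = 'Alarm.Create', 'Alarm.Edit'
$riskyRoles = Get-VIRole | Where-Object {
    ($_.PrivilegeList | Where-Object { $_ -in $alarmPrivs }).Count -gt 0
}
Write-Host "`nRoles with alarm create/edit privileges:"
$riskyRoles | Select-Object Name, IsSystem | Format-Table -AutoSize

# 2. Principals assigned those roles, and on which inventory object, so each grant can be reviewed.
Write-Host "Permissions granting those roles:"
Get-VIPermission | Where-Object { $_.Role -in $riskyRoles.Name } |
    Select-Object Principal, Role, @{N = 'Entity'; E = { $_.Entity.Name }}, Propagate |
    Format-Table -AutoSize

# 3. Alarm definitions that carry a "run script" action; any unexpected entry deserves a closer look.
$scriptAlarms = foreach ($def in Get-AlarmDefinition) {
    $group = $def.ExtensionData.Info.Action
    if ($null -eq $group -or $null -eq $group.Action) { continue }
    foreach ($triggering in $group.Action) {
        if ($triggering.Action -is [VMware.Vim.RunScriptAction]) {
            [pscustomobject]@{
                Alarm   = $def.Name
                Entity  = $def.Entity.Name
                Enabled = $def.Enabled
                Script  = $triggering.Action.Script
            }
        }
    }
}
Write-Host "Alarms with run-script actions:"
$scriptAlarms | Format-Table -AutoSize

Disconnect-VIServer -Server $Server -Confirm:$false
```

Run it against each vCenter before applying the patch to know the exposure, and again afterwards to confirm no unexpected script-bearing alarm or privilege grant was left behind.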
Affected Versions
The following VMware vCenter versions are affected:
vCenter Server 7.0 < 7.0 U3v
vCenter Server 8.0 < 8.0 U3e
vCenter Server of other earlier versions that are no longer maintained
Solutions
Official Solution
Security patches have been officially released to fix the vulnerability. Affected users are advised to apply one of the following patches at the earliest opportunity:
vCenter Server 7.0 U3v
vCenter Server 8.0 U3e
Since other earlier versions of vCenter Server are also affected, users of such versions are advised to apply the 7.0 or 8.0 security patch as needed.
Download links:
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/vcenter-server-update-and-patch-release-notes/vsphere-vcenter-server-80u3e-release-notes.html
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/vcenter-server-update-and-patch-releases/vsphere-vcenter-server-70u3v-release-notes.html
Sangfor Solutions
Risky Asset Discovery
The following Sangfor products can proactively scan for VMware vCenter instances and identify affected assets in bulk across business environments:
Sangfor Host Security: The corresponding asset discovery solution has been released. The fingerprint ID is 0010456.
Sangfor TSS: The corresponding asset discovery solution has been released. The fingerprint ID is 0010456.
Timeline
On May 21, 2025, Sangfor FarSight Labs received notification of the authenticated command-execution vulnerability in VMware vCenter (CVE-2025-41225).
On May 21, 2025, Sangfor FarSight Labs released a vulnerability alert.
Learn More
Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.