
Publication Date: May 20, 2025
Severity Rating: High
Affected Product: VMware Cloud Foundation (Versions 4.5.x and 5.x)
CVE Identifiers: CVE-2025-41229, CVE-2025-41230, CVE-2025-41231
CVSS Scores: 7.3 – 8.2
Executive Summary
Three high-severity vulnerabilities have been disclosed in VMware Cloud Foundation: directory traversal (CVE-2025-41229, CVSS 8.2), information disclosure (CVE-2025-41230, CVSS 7.5), and missing authorization (CVE-2025-41231, CVSS 7.3). Immediate patching is strongly recommended, as no temporary mitigations are currently available.
Vulnerability Analysis and Remediation
- CVE-2025-41229: Directory Traversal (CVSS 8.2)
  - Impact: Unauthorized network access to internal services via port 443.
  - Resolution: Upgrade to Cloud Foundation version 5.2.1.2. For version 4.5.x, consult KB398008.
- CVE-2025-41230: Information Disclosure (CVSS 7.5)
  - Impact: Potential disclosure of sensitive information through network access to port 443.
  - Resolution: Implement updates as detailed in the official VMware advisory.
- CVE-2025-41231: Missing Authorization (CVSS 7.3)
  - Impact: Potential for unauthorized actions and limited data access by attackers with Cloud Foundation appliance access.
  - Resolution: Patches are available for all affected versions.
Affected Versions and Fixed Versions
| Version | CVE Identifiers | Fixed Version |
|---|---|---|
| VMware Cloud Foundation 5.x | CVE-2025-41229, CVE-2025-41230, CVE-2025-41231 | 5.2.1.2 |
| VMware Cloud Foundation 4.5.x | CVE-2025-41229, CVE-2025-41230, CVE-2025-41231 | Refer to KB398008 |
Required Action
Due to the lack of workarounds, immediate upgrade to the specified fixed versions is crucial.
Detection and Prevention
Léargas Security strongly advises immediate attention to the VMware Cloud Foundation Security Advisory (VMSA-2025-0009), which details multiple high-severity vulnerabilities. Organizations should prioritize patching their VMware Cloud Foundation environments as soon as possible and invoke their emergency patching procedures to expedite deployment of the updates released by VMware.
Until patches are applied, Léargas Security recommends diligently monitoring all network traffic to and from VMware infrastructure components and limiting connections to the infrastructure. This monitoring aids early detection of any malicious activity that attempts to exploit these vulnerabilities before the patches are in place.
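One way to carry out the interim monitoring described above, as an added example that is not part of VMSA-2025-0009 or of any Léargas or VMware tooling: it audits flow records for allowed connections to port 443 on Cloud Foundation appliances from outside approved management networks, and for appliance traffic to unapproved destinations. The appliance addresses, allowlists and CSV flow-log layout are assumptions, and the sample records are constructed.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumptions for illustration (not from the advisory): appliance addresses,
# the networks allowed to reach them, and the flow-log column layout.
VCF_APPLIANCES = {ip_address("10.10.0.10"), ip_address("10.10.0.11")}
MGMT_ALLOWLIST = [ip_network("10.10.0.0/24"), ip_network("10.20.5.0/28")]
OUTBOUND_ALLOWLIST = [ip_network("10.10.0.0/24"), ip_network("10.30.0.53/32")]

# Constructed sample flow records: timestamp,src,dst,dst_port,action
SAMPLE_FLOWS = """\
2025-05-21T08:00:01Z,10.20.5.4,10.10.0.10,443,ALLOW
2025-05-21T08:00:07Z,192.0.2.77,10.10.0.10,443,ALLOW
2025-05-21T08:01:12Z,10.40.9.8,10.10.0.11,443,ALLOW
2025-05-21T08:02:30Z,10.10.0.11,10.30.0.53,53,ALLOW
2025-05-21T08:03:44Z,10.10.0.10,198.51.100.9,8443,ALLOW
2025-05-21T08:04:02Z,203.0.113.5,10.10.0.10,443,DENY
"""

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def audit_flows(text):
    """Return (timestamp, reason, src, dst, port) for allowed flows needing review."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, port, action = (field.strip() for field in row)
        try:
            src_ip, dst_ip, dport = ip_address(src), ip_address(dst), int(port)
        except ValueError:
            continue  # unparseable address or port
        if action.upper() != "ALLOW":
            continue  # already blocked by existing controls
        if dst_ip in VCF_APPLIANCES and dport == 443 and not _in_any(src_ip, MGMT_ALLOWLIST):
            findings.append((ts, "inbound-443-from-unapproved-source", src, dst, dport))
        elif src_ip in VCF_APPLIANCES and not _in_any(dst_ip, OUTBOUND_ALLOWLIST):
            findings.append((ts, "outbound-to-unapproved-destination", src, dst, dport))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding, sep="  ")
```

Each finding is either a source to remove from the path to the appliances or an address to add to the allowlist after review.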
References
- VMSA Advisory: VMSA-2025-0009
- VMware Cloud Foundation 5.2.1.2 Release Notes
- CVE Details:
  - CVE-2025-41229
  - CVE-2025-41230
  - CVE-2025-41231
External Resources
- VMSA-2025-0009 Advisory: https://www.vmware.com/security/advisories/VMSA-2025-0009.html
- Cloud Foundation 5.2.1.2 Notes: https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-5-2-and-earlier/5-2/vcf-release-notes/vmware-cloud-foundation-521-release-notes.html