VMSA-2025-0009 – VMware Cloud Foundation – Multiple Vulnerabilities
VMware by Broadcom has released VMware Cloud Foundation updates to address multiple vulnerabilities: CVE-2025-41229, CVE-2025-41230, and CVE-2025-41231.
Multiple vulnerabilities in VMware Cloud Foundation were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
Impacted Products:
- VMware Cloud Foundation
CVE-2025-41229 | VMware Cloud Foundation Directory Traversal Vulnerability
Description:
VMware Cloud Foundation contains a directory traversal vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.2. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services.
Resolution:
To remediate CVE-2025-41229, apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below to affected deployments.
CVE-2025-41230 | VMware Cloud Foundation Information Disclosure Vulnerability
Description:
VMware Cloud Foundation contains an information disclosure vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information.
Resolution:
To remediate CVE-2025-41230, apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below to affected deployments.
CVE-2025-41231 | VMware Cloud Foundation Missing Authorisation Vulnerability
Description:
VMware Cloud Foundation contains a missing authorisation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.3. A malicious actor with access to the VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.
Resolution:
To remediate CVE-2025-41231, apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below to affected deployments.
Response Matrix:
VMware Product | Version | CVE | Severity | Fixed Version | Workarounds |
---|---|---|---|---|---|
VMware Cloud Foundation | 5.x | CVE-2025-41229, CVE-2025-41230, CVE-2025-41231 | Important | 5.2.1.2 | None |
VMware Cloud Foundation | 4.5.x | CVE-2025-41229, CVE-2025-41230, CVE-2025-41231 | Important | KB398008 | None |
You can also check my VMware Product Release page for more information regarding released products, release notes, and download links.
Sources:
Broadcom Blog Post
VMware Cloud Foundation 5.2.1.2