VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.
CVE ID: CVE-2025-41231
CVSS Base Severity: HIGH
CVSS Base Score: 7.3
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Vendor: n/a
Product: VMware Cloud Foundation
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 3.34% (scored less or equal to compared to others)
EPSS Date: 2025-06-18 (when was this score calculated)