Volerion logoVolerion
Volerion logoVolerion

VMware NSX Weak Password Recovery Mechanism Vulnerability

Vulnerability

A vulnerability exists in VMware NSX due to a weak password recovery mechanism. This flaw allows an unauthenticated malicious actor to enumerate valid usernames, potentially leading to brute-force attacks. The vulnerability is present in VMware NSX versions 9.x.x.x, 4.2.x, 4.1.x, 4.0.x, as well as NSX-T 3.x. It is also affecting VMware Cloud Foundation versions 5.x and 4.5.x.

Impact

Exploitation of this vulnerability could lead to username enumeration, increasing the risk of credential brute-force attacks.

Remediation

Users can upgrade to VMware NSX versions 4.2.2.2, 4.2.3.1, 4.1.2.7, or NSX-T 3.2.4.3. For VMware Cloud Foundation 5.x and 4.5.x, refer to the VMware Cloud Foundation Patching Guide. Instructions for applying these updates can be found in the VMware NSX and VMware Cloud Foundation release notes.

Added: Sep 29, 2025, 7:24 PM
Updated: Sep 29, 2025, 7:42 PM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
5.0
exploitability
7.0
remediation
7.7
relevance
0.6
threat
0.0
urgency
2.9
incentive
5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.