Impact of CVE-2025-41251 & CVE-2025-41252 if the attacker has no access to the infrastructure

Article ID: 412882

Products

VMware NSX

Issue/Introduction

What is the impact of the CVEs below if strict restrictions are applied using the Distributed Firewall (DFW), preventing unauthorized attackers from gaining access to the infrastructure?

The CVE-2025-41251 and CVE-2025-41252 vulnerabilities are reported in the advisory below:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

Environment

VMware NSX-T Data Center
VMware NSX

Cause

For NSX specifically, there are two vulnerabilities:

  • NSX Login Page Error Vulnerability
  • NSX Password Reset Vulnerability

For the login vulnerability: inconsistent login error messages give attackers hints about which usernames are valid and which are invalid.

For the password reset vulnerability: API calls to reset passwords have a noticeable difference in response time, where valid usernames take longer to respond than invalid usernames. This difference allows valid usernames to be guessed.
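
The two behaviours described above (error messages that differ by username validity, and a response cost that depends on whether the username exists) next to their usual remedy, as an added Python illustration. This is not NSX or Broadcom code: the account store, function names and iteration count are constructed for the example, and a count of key-derivation calls stands in for response time so the comparison is deterministic.

```python
from __future__ import annotations
import hashlib, hmac, os

ITERATIONS = 50_000   # constructed value for the example, not a recommendation
_calls = [0]          # instrumentation: number of KDF runs so far

def _kdf(password: str, salt: bytes) -> bytes:
    _calls[0] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _kdf(password, salt)

# Constructed sample account store with one hypothetical user.
USERS = {"admin": _record("correct horse")}
# Dummy record so unknown usernames cost the same KDF work as real ones.
DUMMY = _record(os.urandom(16).hex())

def login_leaky(user: str, password: str) -> tuple[bool, str]:
    """Enumerable pattern: distinct errors, and no hashing for unknown users."""
    if user not in USERS:
        return False, "Unknown user"       # fast path reveals an invalid name
    salt, stored = USERS[user]
    if not hmac.compare_digest(_kdf(password, salt), stored):
        return False, "Wrong password"     # message reveals a valid name
    return True, "OK"

def login_uniform(user: str, password: str) -> tuple[bool, str]:
    """Same message and same KDF work whether or not the username exists."""
    known = user in USERS
    salt, stored = USERS[user] if known else DUMMY
    match = hmac.compare_digest(_kdf(password, salt), stored)
    if known and match:
        return True, "OK"
    return False, "Invalid username or password"

def kdf_runs(fn, user: str, password: str) -> int:
    """KDF invocations triggered by one call (deterministic proxy for timing)."""
    before = _calls[0]
    fn(user, password)
    return _calls[0] - before
```
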

Resolution

The CVEs have been fixed in NSX 9.0.1.0, 4.2.2.2, 4.2.3.1, 4.1.2.7 and 3.2.4.3 and later versions.

Workaround:

There is no risk if the attacker has NO access to the infrastructure.