High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter 

High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter 

Posted on By CWS

Broadcom on Monday introduced patches for six vulnerabilities affecting VMware Aria Operations, NSX, vCenter, and VMware Instruments merchandise, together with 4 high-severity flaws.

Each Aria Operations and VMware Instruments are impacted by a high-severity native privilege escalation bug tracked as CVE-2025-41244.

“A malicious native actor with non-administrative privileges getting access to a VM with VMware Instruments put in and managed by Aria Operations with SDMP enabled could exploit this vulnerability to escalate privileges to root on the identical VM,” the seller explains.

Patches have additionally been rolled out for a medium-severity problem in VMware Aria Operations that would enable attackers to reveal the credentials of different customers (CVE-2025-41245), and a high-severity defect in Instruments for Home windows that would enable attackers to entry different visitor VMs (CVE-2025-41246).

Fixes for these vulnerabilities have been included in Aria Operations model 8.18.5, Cloud Basis and vSphere Basis variations 9.0.1.0 and 13.0.5.0, VMware Instruments variations 13.0.5 and 12.5.4, and Telco Cloud Infrastructure variations 8.18.5 and eight.18.5.

VMware resolved a high-severity SMTP header injection bug (CVE-2025-41250) in vCenter that would enable an authenticated attacker with non-administrative privileges to “manipulate the notification emails despatched for scheduled duties”.

Moreover, it patched two high-severity flaws in NSX that would enable attackers to enumerate legitimate usernames.

The primary, CVE-2025-41251, is described as a weak password restoration mechanism problem that would result in brute-force assaults, whereas the second, CVE-2025-41252, is described as a username enumeration defect that would result in unauthorized entry makes an attempt.Commercial. Scroll to proceed studying.

Cloud Basis and vSphere Basis model 9.0.1.0, vCenter variations 8.0 U3g and seven.0 U3w, Cloud Basis variations 5.2.2 and seven.0 U3w (async patch), NSX variations 4.2.2.2, 4.2.3.1, and 4.1.2.7, and NSX-T model 3.2.4.3 include fixes for these flaws. VMware additionally printed patch directions for Cloud Basis and Telco Cloud Infrastructure.

VMware makes no point out of any of those vulnerabilities being exploited within the wild. Nonetheless, customers are suggested to replace their deployments as quickly as attainable.

Associated: Apple Updates iOS and macOS to Forestall Malicious Font Assaults

Associated: Organizations Warned of Exploited Sudo Vulnerability

Associated: No Patches for Vulnerabilities Permitting Cognex Industrial Digicam Hacking

Associated: Cybersecurity Programs Ramp Up Amid Scarcity of Professionals

Security Week News Tags:, , , , , , ,

Related Posts

APTs, Cybercriminals Widely Exploiting WinRAR Vulnerability APTs, Cybercriminals Widely Exploiting WinRAR Vulnerability Security Week News
Ivanti, Fortinet, Splunk Release Security Updates Ivanti, Fortinet, Splunk Release Security Updates Security Week News
Adobe Patches Nearly 140 Vulnerabilities Adobe Patches Nearly 140 Vulnerabilities Security Week News
Israeli Cyber Fund Glilot Capital Raises 0 Million Israeli Cyber Fund Glilot Capital Raises $500 Million Security Week News
Zafran Security Raises Million in Series C Funding Zafran Security Raises $60 Million in Series C Funding Security Week News
QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland Security Week News