NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch

Posted on By CWS

Broadcom-owned VMware on Tuesday rolled out pressing patches for 2 units of flaws that expose its flagship infrastructure software program to information leakage, command execution and denial-of-service assaults, with no short-term workarounds out there. 

The virtualization expertise big pushed out two separate bulletins documenting at the least 7 vulnerabilities within the VMware Cloud Basis, VMware ESXi, vCenter Server, Workstation, and Fusion product traces.

The extra pressing advisory, VMSA-2025-0009, credit the NATO Cyber Safety Centre for reporting three safety defects in VMware Cloud Basis. The very best-rated, CVE-2025-41229, is a directory-traversal problem that scores 8.2/10 on the CVSS scale.

“A malicious actor with community entry to port 443 on VMware Cloud Basis might exploit this problem to entry sure inside providers,” the corporate warned.

VMware additionally shipped patches for an information-disclosure bug (CVSS 7.5) and a missing-authorisation error (CVSS 7.3) in VMware Cloud Basis, a product utilized by enterprises to construct and handle personal clouds.

Prospects are urged to improve instantly to VMware Cloud Basis 5.2.1.2

VMware additionally pushed out a second bulletin (VMSA-2025-0010) with documentation for 4 vulnerabilities throughout ESXi, vCenter Server, Workstation and Fusion. 

The headline problem is CVE-2025-41225, an authenticated command-execution flaw in vCenter that carries a CVSS 8.8 score. VMware warns that an attacker who can create or modify alarms can run arbitrary instructions on the administration airplane. Commercial. Scroll to proceed studying.

The opposite three bugs embrace two denial-of-service circumstances (CVSS 6.8 and 5.5) and a mirrored XSS in each ESXi and vCenter (CVSS 4.3).

As with the Cloud Basis flaws, VMware lists no mitigations past upgrading. There is no such thing as a point out of in-the-wild exploits for any of those flaws.

Associated: VMware Discloses Exploitation of Onerous-to-Repair vCenter Server Flaw

Associated: VMware Struggles to Repair Flaw Exploited at Chinese language Hacking Contest

Associated: VMware Patches RCE Flaw Present in Chinese language Hacking Contest

Associated: Microsoft Says Ransomware Gangs Exploiting VMware ESXi Flaw

Security Week News Tags:, , , , , , ,

Related Posts

Misconfigured HMIs Expose US Water Systems to Anyone with a Browser Security Week News
Browser Extensions Pose Serious Threat to Gen-AI Tools Handling Sensitive Data  Security Week News
Cisco Warns of Hardcoded Credentials in Enterprise Software Security Week News
Lee Enterprises Says 40,000 Hit by Ransomware-Caused Data Breach Security Week News
ConnectWise Discloses Suspected State-Sponsored Hack Security Week News
Virtual Event Today: Threat Detection & Incident Response (TDIR) Summit Security Week News