NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch

Posted on By CWS

Broadcom-owned VMware on Tuesday rolled out pressing patches for 2 units of flaws that expose its flagship infrastructure software program to information leakage, command execution and denial-of-service assaults, with no short-term workarounds out there. 

The virtualization expertise big pushed out two separate bulletins documenting at the least 7 vulnerabilities within the VMware Cloud Basis, VMware ESXi, vCenter Server, Workstation, and Fusion product traces.

The extra pressing advisory, VMSA-2025-0009, credit the NATO Cyber Safety Centre for reporting three safety defects in VMware Cloud Basis. The very best-rated, CVE-2025-41229, is a directory-traversal problem that scores 8.2/10 on the CVSS scale.

“A malicious actor with community entry to port 443 on VMware Cloud Basis might exploit this problem to entry sure inside providers,” the corporate warned.

VMware additionally shipped patches for an information-disclosure bug (CVSS 7.5) and a missing-authorisation error (CVSS 7.3) in VMware Cloud Basis, a product utilized by enterprises to construct and handle personal clouds.

Prospects are urged to improve instantly to VMware Cloud Basis 5.2.1.2

VMware additionally pushed out a second bulletin (VMSA-2025-0010) with documentation for 4 vulnerabilities throughout ESXi, vCenter Server, Workstation and Fusion. 

The headline problem is CVE-2025-41225, an authenticated command-execution flaw in vCenter that carries a CVSS 8.8 score. VMware warns that an attacker who can create or modify alarms can run arbitrary instructions on the administration airplane. Commercial. Scroll to proceed studying.

The opposite three bugs embrace two denial-of-service circumstances (CVSS 6.8 and 5.5) and a mirrored XSS in each ESXi and vCenter (CVSS 4.3).

As with the Cloud Basis flaws, VMware lists no mitigations past upgrading. There is no such thing as a point out of in-the-wild exploits for any of those flaws.

Associated: VMware Discloses Exploitation of Onerous-to-Repair vCenter Server Flaw

Associated: VMware Struggles to Repair Flaw Exploited at Chinese language Hacking Contest

Associated: VMware Patches RCE Flaw Present in Chinese language Hacking Contest

Associated: Microsoft Says Ransomware Gangs Exploiting VMware ESXi Flaw

Security Week News Tags:, , , , , , ,

Related Posts

Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack Security Week News
Russian APT Exploiting Mail Servers Against Government, Defense Organizations Security Week News
Adobe Patches Big Batch of Critical-Severity Software Flaws Security Week News
Google Finds Data Theft Malware Used by Russian APT in Select Cases Security Week News
In Other News: Hackers Not Behind Blackout, CISO Docuseries, Dior Data Breach Security Week News
Printer Company Procolored Served Infected Software for Months Security Week News