Broadcom's VMware division has disclosed critical security vulnerabilities in its virtualization products, including a high-severity flaw that could allow authenticated users to execute arbitrary commands on affected systems.
Today's security advisory addresses four distinct vulnerabilities affecting multiple VMware products, with severity ratings ranging from Moderate to Critical.
Critical Command Execution Vulnerability
The most severe vulnerability, CVE-2025-41225, affects VMware vCenter Server and carries a CVSS score of 8.8. This authenticated command-execution vulnerability allows malicious actors who hold the privileges to create or modify alarms and run script actions to execute arbitrary commands on the vCenter Server.
Security experts consider this vulnerability particularly dangerous because it gives attackers a direct path to compromising core virtualization management infrastructure.
"This vulnerability represents a significant risk to enterprise environments where vCenter Server manages critical workloads," said a spokesperson from the VMware security team. "Organizations should prioritize patching immediately to prevent potential exploitation."
Other Vulnerabilities Patched
The advisory also addresses three other security flaws:
CVE-2025-41226: A denial-of-service vulnerability in ESXi when performing guest operations (CVSS score of 6.8). This vulnerability allows attackers with guest operating privileges to create denial-of-service conditions affecting virtual machines running VMware Tools.
CVE-2025-41227: A denial-of-service vulnerability in Workstation, Fusion, and ESXi due to certain guest options (CVSS score of 5.5). Non-administrative users inside a guest operating system can exploit this issue by exhausting memory resources of the host process.
CVE-2025-41228: A reflected cross-site scripting vulnerability in the ESXi and vCenter Server login pages (CVSS score of 4.3). Attackers with network access to specific URL paths can exploit this issue to steal cookies or redirect users to malicious websites.
The vulnerabilities impact a wide range of VMware products, including ESXi 7.0 and 8.0, vCenter Server 7.0 and 8.0, Workstation 17.x, Fusion 13.x, VMware Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure.
VMware has released updates to address these vulnerabilities. For vCenter Server, users should update to version 8.0 U3e or 7.0 U3v, depending on their current version.
ESXi customers should apply patches ESXi80U3se-24659227 (for version 8.0) or ESXi70U3sv-24723868 (for version 7.0). VMware Workstation and Fusion users should update to versions 17.6.3 and 13.6.3, respectively.
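As an added example (not from the advisory, and not VMware's own tooling), the following Python triage script checks an inventory of version banners against the fixed ESXi builds and Workstation/Fusion versions named above. It assumes the banner formats shown in the comments and reads the number after the dash in the ESXi patch identifiers as that branch's minimum fixed build.

```python
import re

# Fixed builds/versions named in the advisory. The number after the dash in the
# ESXi patch identifiers (ESXi80U3se-24659227, ESXi70U3sv-24723868) is treated
# as the minimum fixed build for that branch (assumption).
FIXED_ESXI_BUILD = {"7.0": 24723868, "8.0": 24659227}
FIXED_DESKTOP_VERSION = {"Workstation": (17, 6, 3), "Fusion": (13, 6, 3)}

# Assumed banner formats: "VMware ESXi 8.0.3 build-24659227" (as `vmware -v`
# prints on a host) and "VMware Workstation 17.6.3" / "VMware Fusion 13.6.3".
ESXI_RE = re.compile(r"VMware ESXi (\d+\.\d+)(?:\.\d+)? build-(\d+)")
DESKTOP_RE = re.compile(r"VMware (Workstation|Fusion) (\d+)\.(\d+)\.(\d+)")


def esxi_needs_patch(banner):
    """True if the host build is below the fixed build for its branch, False if
    at or above it, None if the branch is not covered by this advisory."""
    m = ESXI_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised ESXi banner: {banner!r}")
    fixed = FIXED_ESXI_BUILD.get(m.group(1))
    if fixed is None:
        return None
    return int(m.group(2)) < fixed


def desktop_needs_patch(banner):
    """True if a Workstation/Fusion version is older than the fixed release."""
    m = DESKTOP_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised Workstation/Fusion banner: {banner!r}")
    version = tuple(int(x) for x in m.groups()[1:])
    return version < FIXED_DESKTOP_VERSION[m.group(1)]


def triage(inventory):
    """inventory maps asset name -> version banner; returns the names that
    still need the advisory's patch, in inventory order."""
    pending = []
    for name, banner in inventory.items():
        check = esxi_needs_patch if "ESXi" in banner else desktop_needs_patch
        if check(banner):
            pending.append(name)
    return pending


# Constructed sample inventory (not real hosts); the unpatched build numbers
# are made up, chosen only to sit below the fixed builds.
SAMPLE_INVENTORY = {
    "esx-01": "VMware ESXi 8.0.3 build-24000000",
    "esx-02": "VMware ESXi 8.0.3 build-24659227",
    "esx-03": "VMware ESXi 7.0.3 build-24500000",
    "esx-04": "VMware ESXi 6.7.0 build-10000000",
    "ws-01": "VMware Workstation 17.6.2",
    "fusion-01": "VMware Fusion 13.6.3",
}  # triage(SAMPLE_INVENTORY) returns ['esx-01', 'esx-03', 'ws-01']
```

Branches outside 7.0 and 8.0 (esx-04 in the sample) are reported as not covered rather than as patched, so they still need a separate lifecycle check.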
This advisory comes amid growing attention on VMware product security. Earlier this month, Broadcom addressed three other critical vulnerabilities in the VMware Cloud Foundation platform that allowed attackers to gain unauthorized access to sensitive information and internal services.
In March, Broadcom issued an advisory addressing three critical exploited vulnerabilities in VMware ESXi that, when chained together, allowed attackers to reach the hypervisor from running virtual machines.
All organizations running affected VMware products should apply the provided patches immediately, as no workarounds are available for these vulnerabilities.
Given VMware's dominant position in enterprise virtualization, these vulnerabilities represent significant risks to organizational security postures.