Broadcom on Monday introduced patches for six vulnerabilities affecting VMware Aria Operations, NSX, vCenter, and VMware Instruments merchandise, together with 4 high-severity flaws.
Each Aria Operations and VMware Instruments are impacted by a high-severity native privilege escalation bug tracked as CVE-2025-41244.
“A malicious native actor with non-administrative privileges getting access to a VM with VMware Instruments put in and managed by Aria Operations with SDMP enabled could exploit this vulnerability to escalate privileges to root on the identical VM,” the seller explains.
Patches have additionally been rolled out for a medium-severity problem in VMware Aria Operations that would enable attackers to reveal the credentials of different customers (CVE-2025-41245), and a high-severity defect in Instruments for Home windows that would enable attackers to entry different visitor VMs (CVE-2025-41246).
Fixes for these vulnerabilities have been included in Aria Operations model 8.18.5, Cloud Basis and vSphere Basis variations 9.0.1.0 and 13.0.5.0, VMware Instruments variations 13.0.5 and 12.5.4, and Telco Cloud Infrastructure variations 8.18.5 and eight.18.5.
VMware resolved a high-severity SMTP header injection bug (CVE-2025-41250) in vCenter that would enable an authenticated attacker with non-administrative privileges to “manipulate the notification emails despatched for scheduled duties”.
Moreover, it patched two high-severity flaws in NSX that would enable attackers to enumerate legitimate usernames.
The primary, CVE-2025-41251, is described as a weak password restoration mechanism problem that would result in brute-force assaults, whereas the second, CVE-2025-41252, is described as a username enumeration defect that would result in unauthorized entry makes an attempt.Commercial. Scroll to proceed studying.
Cloud Basis and vSphere Basis model 9.0.1.0, vCenter variations 8.0 U3g and seven.0 U3w, Cloud Basis variations 5.2.2 and seven.0 U3w (async patch), NSX variations 4.2.2.2, 4.2.3.1, and 4.1.2.7, and NSX-T model 3.2.4.3 include fixes for these flaws. VMware additionally printed patch directions for Cloud Basis and Telco Cloud Infrastructure.
VMware makes no point out of any of those vulnerabilities being exploited within the wild. Nonetheless, customers are suggested to replace their deployments as quickly as attainable.
Associated: Apple Updates iOS and macOS to Forestall Malicious Font Assaults
Associated: Organizations Warned of Exploited Sudo Vulnerability
Associated: No Patches for Vulnerabilities Permitting Cognex Industrial Digicam Hacking
Associated: Cybersecurity Programs Ramp Up Amid Scarcity of Professionals
