Broadcom-owned VMware on Tuesday rolled out pressing patches for 2 units of flaws that expose its flagship infrastructure software program to information leakage, command execution and denial-of-service assaults, with no short-term workarounds out there.
The virtualization expertise big pushed out two separate bulletins documenting at the least 7 vulnerabilities within the VMware Cloud Basis, VMware ESXi, vCenter Server, Workstation, and Fusion product traces.
The extra pressing advisory, VMSA-2025-0009, credit the NATO Cyber Safety Centre for reporting three safety defects in VMware Cloud Basis. The very best-rated, CVE-2025-41229, is a directory-traversal problem that scores 8.2/10 on the CVSS scale.
“A malicious actor with community entry to port 443 on VMware Cloud Basis might exploit this problem to entry sure inside providers,” the corporate warned.
VMware additionally shipped patches for an information-disclosure bug (CVSS 7.5) and a missing-authorisation error (CVSS 7.3) in VMware Cloud Basis, a product utilized by enterprises to construct and handle personal clouds.
Prospects are urged to improve instantly to VMware Cloud Basis 5.2.1.2
VMware additionally pushed out a second bulletin (VMSA-2025-0010) with documentation for 4 vulnerabilities throughout ESXi, vCenter Server, Workstation and Fusion.
The headline problem is CVE-2025-41225, an authenticated command-execution flaw in vCenter that carries a CVSS 8.8 score. VMware warns that an attacker who can create or modify alarms can run arbitrary instructions on the administration airplane. Commercial. Scroll to proceed studying.
The opposite three bugs embrace two denial-of-service circumstances (CVSS 6.8 and 5.5) and a mirrored XSS in each ESXi and vCenter (CVSS 4.3).
As with the Cloud Basis flaws, VMware lists no mitigations past upgrading. There is no such thing as a point out of in-the-wild exploits for any of those flaws.
Associated: VMware Discloses Exploitation of Onerous-to-Repair vCenter Server Flaw
Associated: VMware Struggles to Repair Flaw Exploited at Chinese language Hacking Contest
Associated: VMware Patches RCE Flaw Present in Chinese language Hacking Contest
Associated: Microsoft Says Ransomware Gangs Exploiting VMware ESXi Flaw
