Broadcom-owned VMware on Tuesday rolled out urgent patches for two sets of flaws that expose its flagship infrastructure software to information leakage, command execution and denial-of-service attacks, with no short-term workarounds available.
The virtualization technology giant pushed out two separate bulletins documenting at least seven vulnerabilities in the VMware Cloud Foundation, VMware ESXi, vCenter Server, Workstation and Fusion product lines.
The more urgent advisory, VMSA-2025-0009, credits the NATO Cyber Security Centre for reporting three security defects in VMware Cloud Foundation. The highest-rated, CVE-2025-41229, is a directory-traversal issue that scores 8.2/10 on the CVSS scale.
"A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services," the company warned.
VMware also shipped patches for an information-disclosure bug (CVSS 7.5) and a missing-authorization error (CVSS 7.3) in VMware Cloud Foundation, a product used by enterprises to build and manage private clouds.
Customers are urged to upgrade immediately to VMware Cloud Foundation 5.2.1.2, the release that carries the fixes for all three issues.
VMware also published a second bulletin (VMSA-2025-0010) documenting four vulnerabilities across ESXi, vCenter Server, Workstation and Fusion.
The headline issue is CVE-2025-41225, an authenticated command-execution flaw in vCenter Server that carries a CVSS 8.8 rating. VMware warns that an attacker who already holds the privileges needed to create or modify alarms can run arbitrary commands on the vCenter Server management plane.
The other three bugs include two denial-of-service conditions (CVSS 6.8 and 5.5) and a reflected cross-site scripting (XSS) flaw affecting both ESXi and vCenter Server (CVSS 4.3).
As with the Cloud Foundation flaws, VMware lists no mitigations beyond upgrading to the fixed versions. Neither advisory mentions in-the-wild exploitation of any of these flaws.
Related: VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw
Related: VMware Struggles to Fix Flaw Exploited at Chinese Hacking Contest
Related: VMware Patches RCE Flaw Found in Chinese Hacking Contest
Related: Microsoft Says Ransomware Gangs Exploiting VMware ESXi Flaw