High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter 

High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter 

Posted on By CWS

Broadcom on Monday introduced patches for six vulnerabilities affecting VMware Aria Operations, NSX, vCenter, and VMware Instruments merchandise, together with 4 high-severity flaws.

Each Aria Operations and VMware Instruments are impacted by a high-severity native privilege escalation bug tracked as CVE-2025-41244.

“A malicious native actor with non-administrative privileges getting access to a VM with VMware Instruments put in and managed by Aria Operations with SDMP enabled could exploit this vulnerability to escalate privileges to root on the identical VM,” the seller explains.

Patches have additionally been rolled out for a medium-severity problem in VMware Aria Operations that would enable attackers to reveal the credentials of different customers (CVE-2025-41245), and a high-severity defect in Instruments for Home windows that would enable attackers to entry different visitor VMs (CVE-2025-41246).

Fixes for these vulnerabilities have been included in Aria Operations model 8.18.5, Cloud Basis and vSphere Basis variations 9.0.1.0 and 13.0.5.0, VMware Instruments variations 13.0.5 and 12.5.4, and Telco Cloud Infrastructure variations 8.18.5 and eight.18.5.

VMware resolved a high-severity SMTP header injection bug (CVE-2025-41250) in vCenter that would enable an authenticated attacker with non-administrative privileges to “manipulate the notification emails despatched for scheduled duties”.

Moreover, it patched two high-severity flaws in NSX that would enable attackers to enumerate legitimate usernames.

The primary, CVE-2025-41251, is described as a weak password restoration mechanism problem that would result in brute-force assaults, whereas the second, CVE-2025-41252, is described as a username enumeration defect that would result in unauthorized entry makes an attempt.Commercial. Scroll to proceed studying.

Cloud Basis and vSphere Basis model 9.0.1.0, vCenter variations 8.0 U3g and seven.0 U3w, Cloud Basis variations 5.2.2 and seven.0 U3w (async patch), NSX variations 4.2.2.2, 4.2.3.1, and 4.1.2.7, and NSX-T model 3.2.4.3 include fixes for these flaws. VMware additionally printed patch directions for Cloud Basis and Telco Cloud Infrastructure.

VMware makes no point out of any of those vulnerabilities being exploited within the wild. Nonetheless, customers are suggested to replace their deployments as quickly as attainable.

Associated: Apple Updates iOS and macOS to Forestall Malicious Font Assaults

Associated: Organizations Warned of Exploited Sudo Vulnerability

Associated: No Patches for Vulnerabilities Permitting Cognex Industrial Digicam Hacking

Associated: Cybersecurity Programs Ramp Up Amid Scarcity of Professionals

Security Week News Tags:, , , , , , ,

Related Posts

How Software Development Teams Can Securely and Ethically Deploy AI Tools How Software Development Teams Can Securely and Ethically Deploy AI Tools Security Week News
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact Security Week News
California Gov. Gavin Newsom Signs Bill Creating AI Safety Measures California Gov. Gavin Newsom Signs Bill Creating AI Safety Measures Security Week News
Cellcom Service Disruption Caused by Cyberattack Cellcom Service Disruption Caused by Cyberattack Security Week News
Oracle EBS Cyberattack: Silence from Four Major Firms Oracle EBS Cyberattack: Silence from Four Major Firms Security Week News
Memcyco Raises Million for Anti-Impersonation Technology Memcyco Raises $37 Million for Anti-Impersonation Technology Security Week News