Cyber Web Spider Blog – News

NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch

Posted on May 20, 2025 By CWS

Broadcom-owned VMware on Tuesday rolled out urgent patches for 2 sets of flaws that expose its flagship infrastructure software to data leakage, command execution and denial-of-service attacks, with no temporary workarounds available.

The virtualization technology giant pushed out two separate bulletins documenting at least 7 vulnerabilities in the VMware Cloud Foundation, VMware ESXi, vCenter Server, Workstation, and Fusion product lines.

The more urgent advisory, VMSA-2025-0009, credits the NATO Cyber Security Centre for reporting three security defects in VMware Cloud Foundation. The highest-rated, CVE-2025-41229, is a directory-traversal issue that scores 8.2/10 on the CVSS scale.

“A malicious actor with network access to port 443 on VMware Cloud Foundation might exploit this issue to access certain internal services,” the company warned.

VMware also shipped patches for an information-disclosure bug (CVSS 7.5) and a missing-authorisation error (CVSS 7.3) in VMware Cloud Foundation, a product used by enterprises to build and manage private clouds.

Customers are urged to upgrade immediately to VMware Cloud Foundation 5.2.1.2.

VMware also pushed out a second bulletin (VMSA-2025-0010) with documentation for 4 vulnerabilities across ESXi, vCenter Server, Workstation and Fusion.

The headline issue is CVE-2025-41225, an authenticated command-execution flaw in vCenter that carries a CVSS 8.8 score. VMware warns that an attacker who can create or modify alarms can run arbitrary commands on the management plane.

The other three bugs include two denial-of-service conditions (CVSS 6.8 and 5.5) and a reflected XSS in both ESXi and vCenter (CVSS 4.3).

As with the Cloud Foundation flaws, VMware lists no mitigations beyond upgrading. There is no mention of in-the-wild exploits for any of these flaws.

Related: VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw

Related: VMware Struggles to Fix Flaw Exploited at Chinese Hacking Contest

Related: VMware Patches RCE Flaw Found in Chinese Hacking Contest

Related: Microsoft Says Ransomware Gangs Exploiting VMware ESXi Flaw
