VMware News Articles
Recent news articles referencing the vendor's vulnerabilities.

Update VMware Tools for Windows NOW: High-Severity Flaw Lets Hackers Bypass Authentication
CVE-2025-22230 is described as an "authentication bypass vulnerability" by Broadcom, allowing hackers to perform high-privilege operations without the necessary credentials.
2 weeks ago
Broadcom issues fix for critical authentication bypass in VMware Tools
Broadcom has issued critical security updates to remediate an authentication bypass vulnerability in VMware Tools for Windows.
2 weeks ago
Auth bypass CVE-2025-22230 impacts VMware Windows Tools
Broadcom addressed a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230, in VMware Tools for Windows.
2 weeks ago

New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround
VMware Tools flaw CVE-2025-22230 enables high-privilege actions on Windows VMs + No workaround + Patch in 12.5.1.
2 weeks ago
VMware Patches Authentication Bypass Flaw in Windows Tools Suite
The authentication bypass vulnerability, tagged as CVE-2025-22230, carries a CVSS severity score of 7.8/10.
2 weeks ago

VMware Tools for Windows Vulnerability Let Attackers Bypass Authentication
VMware addressed a significant authentication bypass vulnerability in its VMware Tools for Windows suite. The vulnerability, CVE-2025-22230, could allow malicious actors with non-administrative privileges on a Windows guest virtual machine to perform high-privilege operations within that VM.
2 weeks ago
VMware Vulnerabilities Exploited Actively to Bypass Security Controls & Deploy Ransomware
A surge of ransomware attacks leveraging critical VMware virtualization vulnerabilities has triggered global alerts. Threat actors exploit flaws in ESXi, Workstation, and Fusion products to paralyze enterprise infrastructures.
2 weeks ago
Thousands of Orgs Risk Zero-Day VM Escape Attacks
More than 41,000 ESXi instances remain vulnerable to a critical VMware vulnerability, one of three that Broadcom disclosed earlier this week.
1 month ago
Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild.
1 month ago

41,500+ VMware ESXi Instances Vulnerable to Code Execution Attacks
Shadowserver observed that 41,500+ internet-exposed VMware ESXi hypervisors as of March 4, 2025, are vulnerable to CVE-2025-22224, a critical zero-day vulnerability actively exploited in attacks.
37K+ VMware ESXi instances vulnerable to critical zero-day
Some customers have been unable to download the patches for three VMware zero-day vulnerabilities due to an issue with the Broadcom Support Portal.
Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks
Tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days.
CISA Updates Known Exploited Vulnerabilities Catalog
CISA updates the Known Exploited Vulnerabilities Catalog with 4 critical flaws in Linux and VMware. Quick patching is crucial to mitigate active cyber threats.
VMware flaws exploited in the wild; Broadcom releases patches
VMware ESX, VMware vSphere, VMware Cloud Foundation, or VMware Telco Cloud Platform are affected.
CISA, VMware warn of new vulnerabilities being exploited by hackers
Three product lines from technology giant VMware — ESXi, Workstation and Fusion — have patches for vulnerabilities that the company and the federal government have said are being exploited by hackers.
Broadcom urges customers to patch 3 zero-day VMware flaws
Cyberattackers with administrative access are actively exploiting vulnerabilities in ESXi, Workstation and Fusion products.

Broadcom Warns of ESXi, Workstation, and Fusion Zero-Day Vulnerabilities
Broadcom published a critical security advisory (VMSA-2025-0004) on March 4, 2025, about three new zero-day vulnerabilities affecting multiple VMware products, including ESXi, Workstation, and Fusion. The most severe of the vulnerabilities is CVE-2025-22224, a critical vulnerability in ESXi and Work...

VMware ESXi Vulnerabilities Exploited in Wild to Execute Malicious Code
VMware has issued a critical security advisory (VMSA-2025-0004) warning of active exploitation of three vulnerabilities in its ESXi, Workstation, and Fusion products.

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft
Broadcom patches five VMware Aria Operations flaws, including CVE-2025-22218 (CVSS 8.5), preventing credential leaks and admin privilege abuse in vers
VMware plugs credential-leaking bugs in Cloud Foundation
Broadcom has fixed five flaws, collectively deemed "high severity," in VMware's IT operations and log management tools within Cloud Foundation, including two information disclosure bugs that could lead to...
CISA Warns of VMware VCenter Vulnerabilities Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding two newly discovered vulnerabilities in VMware's vCenter Server.

Previously patched vCenter vulnerabilities actively exploited
These vulnerabilities, which enable remote code execution and privilege escalation, were supposedly fixed in September.

VMware vCenter Server RCE Vulnerability Actively Exploited in Attacks
Broadcom has issued an urgent warning that two critical vulnerabilities in VMware vCenter Server are now being actively exploited in the wild.
Critical RCE bug in VMware vCenter Server now exploited in attacks
Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw.
VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw
The saga of VMware’s critical CVE-2024-38812 vCenter Server bug has reached the “exploitation detected” stage.

PoC Published for VMWare vCenter Server RCE Vulnerability CVE-2024-38812
Security researchers have discovered and detailed a critical remote code execution (RCE) vulnerability in the VMware vCenter Server, identified as CVE-2024-38812.
Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Fortinet releases patches for publicly undisclosed
VMware fixes bad patch for critical vCenter Server RCE flaw
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024.
VMware fixes critical vCenter Server RCE bug - again! (CVE-2024-38812) - Help Net Security
New patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server are out.
VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812
VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking contest, for the second time in two months.

VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
VMware releases a patch for critical vCenter Server vulnerability CVE-2024-38812, urging users to update now.

VMware vCenter Server Vulnerabilities Let Attackers Execute Remote Code
Broadcom has released critical security updates to address severe vulnerabilities in VMware vCenter Server that could allow attackers to execute remote code and escalate privileges.
VMware fixes high-severity SQL injection CVE-2024-38814 in HCX
VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager.
VMware Patches High-Severity SQL Injection Flaw in HCX Platform
VMware patches CVE-2024-38814 and warns that attackers with non-administrator privileges can execute remote code on the HCX manager.
VMware NSX Vulnerabilities Allow Hackers To Execute Arbitrary Commands
VMware has issued a critical advisory (VMSA-2024-0020) detailing multiple vulnerabilities in its NSX and Cloud Foundation products.

VMware critical RCE vulnerability in vCenter Server identified in $2.5 million Chinese zero day competition
There is no workaround for the critical CVE, which is one of a pair of bugs which let attackers carry out remote code execution or escalate privileges.
Critical VMware vCenter Server bugs fixed (CVE-2024-38812) - Help Net Security
CVE-2024-38812 is an unauthenticated heap-overflow vulnerability in the implementation of the DCE/RPC protocol that could lead to RCE.

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution
Broadcom patches critical VMware vCenter Server vulnerability, CVE-2024-38812, preventing remote code execution. Update now.

BlackByte Hackers Exploiting VMware ESXi Auth Bypass Flaw to Deploy Ransomware
BlackByte ransomware group is actively exploiting a recently patched authentication bypass vulnerability in VMware ESXi hypervisors to deploy ransomware and gain full administrative access to victim networks.
BlackByte Targets ESXi Bug With Ransomware to Access Virtual Assets
The pivot is one of several changes the groups using the malware have used in recent attacks.
Prolonged exploitation of VMware zero-day conducted by Chinese hackers
Attacks exploiting a critical out-of-bounds write zero-day vulnerability in VMware Center Server, tracked as CVE-2023-34048, have been deployed by Chinese cyberespionage operation UNC3886 since 2021, two years before the flaw was identified and addressed, reports The Hacker News.
+20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085
Researchers reported that over 20,000 internet-exposed VMware ESXi instances are affected by the actively exploited CVE-2024-37085.

Microsoft Says VMware ESXi Flaw is Being Exploited By Ransomware Groups
The CVE-2024-37085 vulnerability is present in VMware ESXi hypervisors and has been used to deploy ransomware, according to Microsoft.

20,275 VMware ESXi Vulnerable Instances Exposed, Microsoft Warns of Massive Exploitation
According to the Shadowserver Foundation, the vulnerability, identified as CVE-2024-37085, exposed 20,275 instances as of July 30, 2024.
Ransomware Gangs Exploit ESXi Bug for Instant, Mass Encryption of VMs
With sufficient privileges in Active Directory, attackers only have to create an "ESX Admins" group in the targeted domain and add a user to it.
CISA warns of VMware ESXi bug exploited in ransomware attacks
CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks.
VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085) - Help Net Security
Ransomware operators have leveraged CVE-2024-37085 to gain full admin access to enterprises' VMware ESXi hypervisors.
Ransomware gangs are loving this dumb but deadly ESXi flaw
Do you have your VMware ESXi hypervisor joined to Active Directory? Well, the latest news from Microsoft serves as a reminder that you might not want to do that given the recently patched vulnerability that...
Microsoft: Ransomware gangs exploiting VMware ESXi flaw | TechTarget
Microsoft researchers discovered and reported an actively exploited ESXi flaw to VMware earlier this year.