VMware News Articles
Recent news articles refferecing the vendors vulnerabilities.
CybleCSA Issues Critical Alert For VMware Vulnerabilities
Broadcom and CSA warn of critical VMware Vulnerabilities ilties flaws, including CVE-2025-41236 and CVE-2025-41237. Update ESXi, Workstation, and Fusion immediately to stay secure.
BornCityCVE-2025-22224Over 37,000 VMware ESXi servers vulnerable via CVE-2025-22224 | Born's Tech and Windows World
[German]This week, VMware by Broadcom has released security updates for various products, including VMware ESXi servers, to close security gaps. One vulnerability has already been exploited as a 0-day. Now...
Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025
VMware patched flaws disclosed during the Pwn2Own Berlin 2025 hacking contest, where researchers earned $340,000 for exploiting them.
Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025
VMware patched flaws disclosed during the Pwn2Own Berlin 2025 hacking contest, where researchers earned $340,000 for exploiting them.
VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin
VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025.
Cyber Security Agency of SingaporeMultiple Vulnerabilities in VMware Products
Security updates have been released for multiple vulnerabilities affecting VMware products.
0-day vulnerabilities in VMWare ESXi, Workstation and Fusion | Born's Tech and Windows World
[German]As of March 4, 2025, VMware by Broadcom has published a security advisory to warn of three zero-day vulnerabilities CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226) that have already been exploited...
Cyber PressVMware ESXi and vCenter Flaw Enables Arbitrary Command Execution
Now a Broadcom company, VMware has released urgent security updates to address several high-severity vulnerabilities
GBHackers NewsCritical VMware Cloud Foundation Vulnerability Exposes Sensitive Data
Broadcom's VMware division has disclosed three significant security vulnerabilities in its Cloud Foundation platform.
CyberSecurityNewsCVE-2025-22247VMware Tools Vulnerability Let Attackers Tamper Files to Trigger Malicious Operations
A moderate-severity vulnerability in VMware Tools could allow attackers with limited privileges to manipulate files and trigger insecure operations within virtual machines.
TechRepublicCVE-2025-22230Update VMware Tools for Windows NOW: High-Severity Flaw Lets Hackers Bypass Authentication
CVE-2025-22230 is described as an "authentication bypass vulnerability" by Broadcom, allowing hackers to perform high-privilege operations without the necessary credentials.
Broadcom issues fix for critical authentication bypass in VMware Tools
Broadcom has issued critical security updates to remediate an authentication bypass vulnerability in VMware Tools for Windows.
Broadcom issues fix for critical authentication bypass in VMware Tools
Broadcom has issued critical security updates to remediate an authentication bypass vulnerability in VMware Tools for Windows.
Security AffairsCVE-2025-22230Auth bypass CVE-2025-22230 impacts VMware Windows Tools
Broadcom addressed a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230, in VMware Tools for Windows.
The Hacker NewsCVE-2025-22230New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround
VMware Tools flaw CVE-2025-22230 enables high-privilege actions on Windows VMs + No workaround + Patch in 12.5.1.
VMware Patches Authentication Bypass Flaw in Windows Tools Suite
The authentication bypass vulnerability, tagged as CVE-2025-22230, carries a CVSS severity score of 7.8/10.
CybersecurityNewsCVE-2025-22230VMware Tools for Windows Vulnerability Let Attackers Bypass Authentication
VMware addressed a significant authentication bypass vulnerability in its VMware Tools for Windows suite. The vulnerability, CVE-2025-22230, could allow malicious actors with non-administrative privileges on a Windows guest virtual machine to perform high-privilege operations within that VM.
VMware Vulnerabilities Exploited Actively to Bypass Security Controls & Deploy Ransomware
A surge of ransomware attacks leveraging critical VMware virtualization vulnerabilities has triggered global alerts. Threat actors exploit flaws in ESXi, Workstation, and Fusion products to paralyze enterprise infrastructures.
Thousands of Orgs Risk Zero-Day VM Escape Attacks
More than 41,000 ESXi instances remain vulnerable to a critical VMware vulnerability, one of three that Broadcom disclosed earlier this week.
Broadcom: VMware Zero-Days Being Exploited in the Wild
The company issued fixes for the flaws, which can let hackers escape the VM and control the host.
Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild.
CybersecurityNewsCVE-2025-2222441,500+ VMware ESXi Instances Vulnerable to Code Execution Attacks
Shadowserver observed that 41,500+ internet-exposed VMware ESXi hypervisors as of March 4, 2025, are vulnerable to CVE-2025-22224, a critical zero-day vulnerability actively exploited in attacks.
Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks
Tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days.
37K+ VMware ESXi instances vulnerable to critical zero-day
Some customers have been unable to download the patches for three VMware zero-day vulnerabilities due to an issue with the Broadcom Support Portal.
The StackVMware: Critical “VM escape” zero day exploited in wild
Broadcom warned that a trio of VMware zero days are being exploited in the wild – attackers can “escape” from a VM to the underlying hypervisor.
The Cyber ExpressCISA Updates Known Exploited Vulnerabilities Catalog
CISA updates the Known Exploited Vulnerabilities Catalog with 4 critical flaws in Linux and VMware. Quick patching is crucial to mitigate active cyber threats.
CISA Updates Known Exploited Vulnerabilities Catalog
CISA updates the Known Exploited Vulnerabilities Catalog with 4 critical flaws in Linux and VMware. Quick patching is crucial to mitigate active cyber threats.
VMware flaws exploited in the wild; Broadcom releases patches
VMware ESX, VMware vSphere, VMware Cloud Foundation, or VMware Telco Cloud Platform are affected.
CISA, VMware warn of new vulnerabilities being exploited by hackers
Three product lines from technology giant VMware — ESXI, Workstation and Fusion — have patches for vulnerabilities that the company and the federal government have said are being exploited by hackers.
Broadcom urges customers to patch 3 zero-day VMware flaws
Cyberattackers with administrative access are actively exploiting vulnerabilities in ESXi, Workstation and Fusion products.
Australian Cyber Security MagazineCVE-2025-22224Broadcom Warns of ESXi, Workstation, and Fusion Zero-Day Vulnerabilities
Broadcom published a critical security advisory (VMSA-2025-0004) on March 4, 2025, about three new zero-day vulnerabilities affecting multiple VMware products, including ESXi, Workstation, and Fusion. The most severe of the vulnerabilities is CVE-2025-22224, a critical vulnerability in ESXi and Work...
VMware flaws exploited in the wild; Broadcom releases patches
VMware ESX, VMware vSphere, VMware Cloud Foundation, or VMware Telco Cloud Platform are affected.
CybersecurityNewsCVE-2025-22224VMware ESXi Vulnerabilities Exploited in Wild to Execute Malicious Code
VMware has issued a critical security advisory (VMSA-2025-0004) warning of active exploitation of three vulnerabilities in its ESXi, Workstation, and Fusion products.
VMware Aria Operations Vulnerabilities Allow Attackers to Perform Admin-Level Actions
VMware has released a critical security advisory, VMSA-2025-0003, addressing multiple vulnerabilities in VMware Aria Operations.
The Hacker NewsCVE-2025-22218Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft
Broadcom patches five VMware Aria Operations flaws, including CVE-2025-22218 (CVSS 8.5), preventing credential leaks and admin privilege abuse in vers
The RegisterVMware plugs credential-leaking bugs in Cloud Foundation
Broadcom has fixed five flaws, collectively deemed "high severity," in VMware's IT operations and log management tools within Cloud Foundation, including two information disclosure bugs that could lead to...
CISA Warns of VMware VCenter Vulnerabilities Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding two newly discovered vulnerabilities in VMware's vCenter Server.
Techzine EuropeCVE-2024-38812Previously patched vCenter vulnerabilities actively exploited
These vulnerabilities, which enable remote code execution and privilege escalation, were supposedly fixed in September.
CybersecurityNewsCVE-2024-38812VMware vCenter Server RCE Vulnerability Actively Exploited in Attacks
Broadcom has issued an urgent warning that two critical vulnerabilities in VMware vCenter Server are now being actively exploited in the wild.
Critical RCE bug in VMware vCenter Server now exploited in attacks
Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw.
VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw
The saga of VMWare’s critical CVE-2024-38812 vCenter Server bug has reached the “exploitation detected” stage.
CyberSecurityNewsCVE-2024-38812PoC Published for VMWare vCenter Server RCE Vulnerability CVE-2024-38812
Security researchers have discovered and detailed a critical remote code execution (RCE) vulnerability in the VMware vCenter Server, identified as CVE-2024-38812.
Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Fortinet releases patches for publicly undisclosed
VMware fixes bad patch for critical vCenter Server RCE flaw
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024.
Help Net SecurityCVE-2024-38812VMware fixes critical vCenter Server RCE bug - again! (CVE-2024-38812) - Help Net Security
New patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server are out.
Security AffairsCVE-2024-38812VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812
VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking contest, for the second time in two months.
The Hacker NewsCVE-2024-38812VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
VMware releases a patch for critical vCenter Server vulnerability CVE-2024-38812, urging users to update now.
CyberSecurityNewsCVE-2024-38812VMware vCenter Server Vulnerabilities Let Attackers Execute Remote Code
Broadcom has released critical security updates to address severe vulnerabilities in VMware vCenter Server that could allow attackers to execute remote code and escalate privileges.
Security AffairsCVE-2024-38814VMware fixes high-severity SQL injection CVE-2024-38814 in HCX
VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager.