VMware Releases Urgent Patches for Critical Security Flaws

On May 20, 2025, VMware, now under Broadcom, issued urgent patches addressing several critical security vulnerabilities across its major infrastructure products. These flaws impact VMware Cloud Foundation, ESXi, vCenter Server, Workstation, and Fusion, leaving systems exposed to data leaks, remote command execution, and denial-of-service (DoS) attacks.

The most severe advisory, VMSA-2025-0009, includes vulnerabilities reported by the NATO Cyber Security Centre. Among these is CVE-2025-41229, a directory traversal flaw rated 8.2/10 on the CVSS scale. This vulnerability allows attackers with network access to port 443 on VMware Cloud Foundation to access sensitive internal services.

Two additional flaws in this advisory include:

  • CVE-2025-41230: An information disclosure vulnerability, rated 7.5 CVSS.

  • CVE-2025-41231: A missing authorization check vulnerability, rated 7.3 CVSS.

These issues affect VMware Cloud Foundation, a product widely used to manage private cloud environments. VMware strongly urges customers to upgrade immediately to Cloud Foundation version 5.2.1.2, as no temporary mitigations are available.

A second security bulletin, VMSA-2025-0010, addresses four more vulnerabilities across vCenter Server, ESXi, Workstation, and Fusion. The most critical among them is:

  • CVE-2025-41225: An authenticated command execution bug in vCenter Server, scoring 8.8 CVSS. Exploiting this allows an attacker with alarm-modification privileges to run arbitrary commands on the management plane.

The remaining vulnerabilities include:

  • Two denial-of-service flaws rated 6.8 and 5.5 CVSS.

  • A reflected cross-site scripting (XSS) flaw in both ESXi and vCenter Server, rated 4.3 CVSS.

VMware has not reported any in-the-wild exploitation of these vulnerabilities but stresses the urgency of applying patches without delay.

These disclosures continue a trend of serious security issues affecting VMware infrastructure, particularly in light of past high-profile vulnerabilities exposed during global hacking contests and targeted by ransomware groups.

Users and administrators are advised to check VMware’s official security advisories and update their systems to the latest secure versions immediately to minimize risk.
