13049 matches found

RedHat Linux
added 2025/08/06 5:19 a.m., 3 views

kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram(). struct vmci_event_qp allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

CVSS 5.5, AI score 6.3, EPSS 0.0018
Exploits: 0, References: 5
RedhatCVE
added 2025/07/31 1:49 p.m., 10 views

CVE-2025-41241

VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition...

CVSS 4.4, AI score 7, EPSS 0.00263
Exploits: 0, References: 1
CISA
added 2025/07/31 12:00 p.m., 4 views

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems (ICS) advisories on July 31, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-212-01: Güralp FMUS Series Seismic Monitoring Devices; ICSA-25-212-02: Rockwell Automation...

AI score 7
Exploits: 0, References: 2
CNVD
added 2025/07/30 12:00 a.m., 2 views

Integer Overflow Vulnerability in Multiple VMware Products

VMware ESXi and others are products of VMware, Inc. VMware ESXi is an enterprise-grade Type-1 hypervisor developed by VMware, Inc. that can be installed and run directly on physical server hardware without relying on the underlying operating system for efficient creation and management of virtual...

CVSS 9.3, AI score 7.2, EPSS 0.02107
Exploits: 0, References: 1
NVD
added 2025/07/29 1:15 p.m., 23 views

CVE-2025-41241

VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition...

CVSS 4.4, EPSS 0.00263
Exploits: 0, References: 1
Cvelist
added 2025/07/29 12:25 p.m., 22 views

CVE-2025-41241 Denial-of-service vulnerability

VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition...

CVSS 4.4, EPSS 0.00263
Exploits: 0, References: 1
Vulnrichment
added 2025/07/29 12:25 p.m., 4 views

CVE-2025-41241 Denial-of-service vulnerability

VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition...

CVSS 4.4, AI score 6.4, EPSS 0.00263
Exploits: 0, References: 1
CVE
added 2025/07/29 12:25 p.m., 76 views

CVE-2025-41241

CVE-2025-41241 is a denial-of-service vulnerability in VMware vCenter. An authenticated attacker with permission to perform API calls for guest OS customization can trigger a DoS condition. CVSSv3 base score 4.4 (AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Remediation outlined by VMSA/Broadcom: patch t...

CVSS 4.4, AI score 6.4, EPSS 0.00263
Exploits: 0, References: 1
IBM Security Bulletins
added 2025/07/29 12:00 p.m., 5 views

Security Bulletin: IBM Cloud Pak System is vulnerable to an authenticated command-execution due to use of VMWare vCenter [CVE-2025-41225].

Summary: IBM Cloud Pak System is vulnerable to an authenticated command-execution due to use of VMware vCenter (CVE-2025-41225). Vulnerability Details: CVEID: CVE-2025-41225. DESCRIPTION: The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to...

CVSS 8.8, AI score 7.3, EPSS 0.00229
Exploits: 0, Affected Software: 1
Positive Technologies
added 2025/07/29 12:00 a.m., 4 views

PT-2025-31196

Name of the Vulnerable Software and Affected Versions: VMware vCenter (affected versions not specified). Description: VMware vCenter contains a denial-of-service vulnerability. An authenticated malicious actor with permission to perform API calls for guest OS customization may trigger this issue,...

CVSS 4.9, AI score 6, EPSS 0.00263
Exploits: 0, References: 11
CNNVD
added 2025/07/29 12:00 a.m., 4 views

VMware vCenter Security Vulnerability

VMware vCenter is a virtualization management software from VMware. A security vulnerability exists in VMware vCenter that could allow an authenticated attacker to trigger a denial-of-service condition...

CVSS 4.4, AI score 6.3, EPSS 0.00263
Exploits: 0, References: 2
VMware
added 2025/07/29 12:00 a.m., 21 views

VMSA-2025-0014: VMware vCenter updates address a denial-of-service vulnerability (CVE-2025-41241)

Advisory ID: VMSA-2025-0014.1; Advisory Severity: Moderate; CVSSv3 Range: 4.4; Synopsis: VMware vCenter updates address a denial-of-service vulnerability (CVE-2025-41241); Issue date: 2025-07-29; Updated on: 2025-07-30; CVEs: CVE-2025-41241. 1. Impacted Products: VMware Cloud Foundatio...

CVSS 4.4, AI score 6.3, EPSS 0.00263
Exploits: 0, References: 4
HackRead
added 2025/07/28 6:35 p.m., 6 views

Scattered Spider Launching Ransomware on Hijacked VMware Systems, Google

A new report from Google's GTIG reveals how UNC3944 (0ktapus) uses social engineering to compromise Active Directory, then exploits VMware vSphere for data theft and direct ransomware deployment. Understand their tactics and learn vital mitigation steps...

AI score 7.3
Exploits: 0
The Hacker News
added 2025/07/28 6:19 a.m., 5 views

Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure

The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. "The group's core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven...

AI score 8
Exploits: 0
The Hacker News
added 2025/07/24 5:05 p.m., 28 views

Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

Virtualization and networking infrastructure have been targeted by a threat actor codenamed Fire Ant as part of a prolonged cyber espionage campaign. The activity, observed this year, is primarily designed to infiltrate organizations' VMware ESXi and vCenter environments as well as network...

CVSS 9.8, AI score 8.2, EPSS 0.99956
Exploits: 64
BDU FSTEC
added 2025/07/24 12:00 a.m., 5 views

The vulnerability of the vSockets library in VMware ESXi, VMware Workstation, and VMware Fusion allows a hacker to gain unauthorized access to protected information.

The vulnerability of the vSockets library in VMware ESXi, VMware Workstation, and VMware Fusion hypervisors is related to the use of an uninitialized resource. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 7.1, AI score 6.5, EPSS 0.02089
Exploits: 0, References: 2, Affected Software: 3
RedhatCVE
added 2025/07/17 6:55 p.m., 6 views

CVE-2025-41239

VMware ESXi, Workstation, Fusion, and VMware Tools contain an information disclosure vulnerability due to the usage of uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes...

CVSS 7.1, AI score 5.8, EPSS 0.02089
Exploits: 0, References: 1
RedhatCVE
added 2025/07/17 6:55 p.m., 6 views

CVE-2025-41237

VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX...

CVSS 9.3, AI score 7.1, EPSS 0.00393
Exploits: 0, References: 1
RedhatCVE
added 2025/07/17 6:55 p.m., 15 views

CVE-2025-41236

VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3...

CVSS 9.3, AI score 6.7, EPSS 0.02107
Exploits: 0, References: 1
Zero Day Initiative
added 2025/07/17 12:00 a.m., 5 views

VMware ESXi VMCI Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware ESXi. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 6.5, AI score 6.5, EPSS 0.02089
Exploits: 0, References: 1