13049 matches found
CVE-2025-41226
VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi, may trigger this issue to create a denial-of-service condition of guest VMs...
CVE-2025-41228 VMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability
VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious website...
CVE-2025-41228
CVE-2025-41228 affects VMware ESXi and vCenter Server with a reflected XSS caused by improper input validation on login URL paths. A remote attacker can exploit this by accessing the login page to steal cookies or redirect users. Connected documents confirm the issue and provide remediation conte...
CVE-2025-41227 Denial-of-Service Vulnerability
VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-servi...
CVE-2025-41227
CVE-2025-41227 affects VMware ESXi, Workstation, and Fusion with a denial-of-service risk from certain guest options. A non-administrative user inside a guest OS can exhaust the host process memory, causing DoS. The connected IBM Broadcom advisory and VMSA-2025-0010 indicate fixed patches: ESXi a...
CVE-2025-41226 Guest Operations Denial-of-Service Vulnerability
VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi, may trigger this issue to create a denial-of-service condition of guest VMs...
CVE-2025-41226
CVE-2025-41226 affects VMware ESXi (guest-operations DoS). A malicious actor with guest operation privileges, already authenticated via vCenter Server or ESXi, can trigger a DoS on guest VMs running VMware Tools. The connected IBM bulletin confirms this CVE and notes remediation via updates to VMware...
CVE-2025-41225 VMware vCenter Server authenticated command-execution vulnerability
The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server...
CVE-2025-41225
CVE-2025-41225 affects VMware vCenter Server and is an authenticated command-execution vulnerability. A user with privileges to create or modify alarms and run script actions can exploit this to execute arbitrary commands on the vCenter Server. The issue is classified with high impact (C, I, A: H...
CVE-2025-41231
VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information...
CVE-2025-41229
VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services...
CVE-2025-41230
VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information...
CVE-2025-41231
VMware Cloud Foundation contains a Missing Authorisation vulnerability (CVE-2025-41231). The advisory details that an attacker with access to the VMware Cloud Foundation appliance could perform certain unauthorised actions and access limited sensitive information. The issue is part of a set of vu...
CVE-2025-41231 VMware Cloud Foundation Missing Authorisation Vulnerability
VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information...
CVE-2025-41230 VMware Cloud Foundation Information Disclosure Vulnerability
VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information...