VMware Fusion 13.0.x < 13.6.3 Multiple Vulnerabilities (VMSA-2025-0010)

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 13.0.x prior to 13.6.3. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...

Photon OS 4.0: Nodejs PHSA-2025-4.0-0801

An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0801. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

The vulnerability in the set of VMware Tools relates to incorrect definition of the link before accessing the file, allowing an attacker to escalate their privileges.

The vulnerability of the VMware Tools utility is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow an attacker to increase their privileges...

Photon OS 5.0: Open PHSA-2025-5.0-0523

An update of the open package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0523. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

VMware Spring Framework < 5.3.43, 6.0.x < 6.0.28, 6.1.x < 6.1.20, 6.2.x < 6.2.7 Authorization Bypass Vulnerability - Windows

The VMware Spring Framework is prone to an authorization bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

VMware Spring Framework < 5.3.43, 6.0.x < 6.0.28, 6.1.x < 6.1.20, 6.2.x < 6.2.7 Authorization Bypass Vulnerability - Linux

The VMware Spring Framework is prone to an authorization bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Photon OS 4.0: Patch PHSA-2024-4.0-0564

An update of the patch package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0564. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Pwn2Own Berlin 2025: Windows 11, VMware, Firefox and Others Hacked

The beginning of Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with…...

Security Bulletin: Vulnerabilities in Pivota Spring Framework, VMware Tanzu Spring Framework, VMware Spring Framework might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Pivota Spring Framework, VMware Tanzu Spring Framework, VMware Spring Framework. Vulnerabilities include an attacker and remote attacker could exploit these vulnerabilities to execute arbitrary code on the...

VMware Aria Automation 8.18.x < 8.18.1 patch 2 DOM Based XSS (VMSA-2025-0008)

The VMware Aria Automation application running on the remote host is affected by a vulnerability as referenced in the VMSA-2025-0008 advisory. - VMware Aria automation contains a DOM based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this issue to steal the access token o...

VMware Spring Framework 输入验证错误漏洞

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework versions 6.2.0 through 6.2.6, 6.1.0 through 6.1.19, 6.0.0 through 6.0.27, and...

VMware Tools 11.x / 12.x < 12.5.2 Insecure File Handling (VMSA-2025-0007)

The version of VMware Tools installed on the remote host is 11.x or 12.x prior to 12.5.2. It is, therefore, affected by an insecure file handling vulnerability: - VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may...

CVE-2025-22249

VMware Aria automation contains a DOM based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL...

Photon OS 5.0: Gnuplot PHSA-2025-5.0-0522

An update of the gnuplot package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0522. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 5.0: Redis PHSA-2025-5.0-0522

An update of the redis package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0522. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 5.0: Syslog PHSA-2025-5.0-0521

An update of the syslog package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0521. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

The vulnerability of software for managing traffic in hybrid and multi-cloud environments, such as VMware Avi Load Balancer, stems from insecure management of privileges. This allows attackers to escalate their privileges and gain access to create, modify, or delete files.

The vulnerability of the software for managing traffic in hybrid and multi-cloud environments in VMware Avi Load Balancer is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to increase their privileges and gain access to create, modify, or delete...

The vulnerability of the monitoring tool for VMware Aria Operations, related to errors in privilege management, allows a perpetrator to escalate their privileges.

The vulnerability of the monitoring tool for VMware Aria Operations is related to errors in privilege management. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of VMware NSX network virtualization platform, related to insecure management of privileges, allows attackers to escalate their privileges.

The vulnerability of VMware NSX network virtualization platform is related to insecure management of privileges. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

The vulnerability of the VMware Aria Operations for Logs network log analysis tool lies in the insufficient protection of operational data, which allows an attacker to exploit this weakness to disclose protected information.

The vulnerability of the VMware Aria Operations for Logs network log analysis tool is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...