1050 matches found
The vulnerability of the software for managing VMware vCenter Server’s virtual infrastructure lies in the lack of measures taken to neutralize special elements used in the operating system commands, allowing attackers to execute arbitrary commands.
The vulnerability of the software for managing VMware vCenter Server lies in the lack of measures taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
CVE-2025-41225
The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server...
CVE-2025-41228
VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious website...
CVE-2025-41228 VMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability
VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious website...
CVE-2025-41228
CVE-2025-41228 affects VMware ESXi and vCenter Server with a reflected XSS caused by improper input validation on login URL paths. A remote attacker can exploit this by accessing the login page to steal cookies or redirect users. Connected documents confirm the issue and provide remediation conte...
CVE-2025-41228 VMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability
VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious website...
CVE-2025-41225 VMware vCenter Server authenticated command-execution vulnerability
The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server...
CVE-2025-41225 VMware vCenter Server authenticated command-execution vulnerability
The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server...
CVE-2025-41225
CVE-2025-41225 affects VMware vCenter Server and is an authenticated command-execution vulnerability. A user with privileges to create or modify alarms and run script actions can exploit this to execute arbitrary commands on the vCenter Server. The issue is classified with high impact (C, I, A: H...
VMware vCenter Server 安全漏洞
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...
PT-2025-22146
Name of the Vulnerable Software and Affected Versions vCenter Server affected versions not specified Description The issue concerns an authenticated command-execution problem. A malicious actor with privileges to create or modify alarms and run script actions may exploit this to run arbitrary...
PT-2025-22149
Name of the Vulnerable Software and Affected Versions: VMware ESXi and vCenter Server affected versions not specified Description: The issue is related to a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of...
VMSA-2025-0010 : VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)
Advisory ID: | VMSA-2025-0010 ---|--- Advisory Severity: | Important CVSSv3 Range: | 4.3-8.8 Synopsis: | VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 Issue date: | 2025-05-20 Updated on...
VMware vCenter Server 8.0.2 Privilege Escalation
VMware vCenter Server version 8.0.2 proof of concept privilege escalation exploit that leverages a vulnerability from 2024. ============================================================================================================================================= | Title : VMware vCenter Server...
CVE-2024-22274
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system...
Security Bulletin: Vulnerabilities in VMware vCenter affect Cloud Pak System [CVE-2024-38812, CVE-2024-38813]
Summary Vulnerabilities in VMware vCenter affect Cloud Pak System. Vulnerability Details CVEID:CVE-2024-38812 DESCRIPTION: Broadcom VMware vCenter Server is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the implementation of the DCERPC protocol. By sending a...
vCenter Sudo Privilege Escalation
VMware vCenter Server use exploit/linux/local/vcentersudolpe msf exploitvcentersudolpe show targets ...targets... msf exploitvcentersudolpe set TARGET msf exploitvcentersudolpe show options ...show and set options... msf exploitvcentersudolpe exploit This module requires Metasploit:...
PT-2024-15284
Name of the Vulnerable Software and Affected Versions VMware vCenter Server versions prior to the latest patch release Description A critical security issue in VMware vCenter Server allows attackers to execute remote code on affected systems. This flaw is being actively exploited by cybercriminal...
VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet...
Vulnerabilities fixed in VMware vCenter Server
VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, possibly even to root and execute arbitrary code on the system. VMware reports in an update to its original security advisory that exploits have been...