1007 matches found
CVE-2025-41225
The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server...
CVE-2025-41228
VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious website...
CVE-2025-41228 VMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability
VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious website...
CVE-2025-41228
CVE-2025-41228 affects VMware ESXi and vCenter Server with a reflected XSS caused by improper input validation on login URL paths. A remote attacker can exploit this by accessing the login page to steal cookies or redirect users. Connected documents confirm the issue and provide remediation conte...
CVE-2025-41225
CVE-2025-41225 affects VMware vCenter Server and is an authenticated command-execution vulnerability. A user with privileges to create or modify alarms and run script actions can exploit this to execute arbitrary commands on the vCenter Server. The issue is classified with high impact (C, I, A: H...
CVE-2025-41225 VMware vCenter Server authenticated command-execution vulnerability
The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server...
VMSA-2025-0010 : VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)
Advisory ID: VMSA-2025-0010; Advisory Severity: Important; CVSSv3 Range: 4.3-8.8; Synopsis: VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228; Issue date: 2025-05-20; Updated on...
PT-2025-22149
Name of the Vulnerable Software and Affected Versions: VMware ESXi and vCenter Server (affected versions not specified). Description: The issue is related to a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of...
PT-2025-22146
Name of the Vulnerable Software and Affected Versions: vCenter Server (affected versions not specified). Description: The issue concerns an authenticated command-execution problem. A malicious actor with privileges to create or modify alarms and run script actions may exploit this to run arbitrary...
VMware vCenter Server Security Vulnerability
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...
VMware vCenter Server 8.0.2 Privilege Escalation
VMware vCenter Server version 8.0.2 proof of concept privilege escalation exploit that leverages a vulnerability from 2024. Title : VMware vCenter Server...
CVE-2024-22274
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system...
Security Bulletin: Vulnerabilities in VMware vCenter affect Cloud Pak System [CVE-2024-38812, CVE-2024-38813]
Summary: Vulnerabilities in VMware vCenter affect Cloud Pak System. Vulnerability Details: CVEID: CVE-2024-38812. DESCRIPTION: Broadcom VMware vCenter Server is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the implementation of the DCERPC protocol. By sending a...
vCenter Sudo Privilege Escalation
VMware vCenter Server use exploit/linux/local/vcentersudolpe msf exploitvcentersudolpe show targets ...targets... msf exploitvcentersudolpe set TARGET msf exploitvcentersudolpe show options ...show and set options... msf exploitvcentersudolpe exploit This module requires Metasploit:...
PT-2024-15284
Name of the Vulnerable Software and Affected Versions: VMware vCenter Server versions prior to the latest patch release. Description: A critical security issue in VMware vCenter Server allows attackers to execute remote code on affected systems. This flaw is being actively exploited by cybercriminal...
VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet...
Vulnerabilities fixed in VMware vCenter Server
VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, possibly even to root and execute arbitrary code on the system. VMware reports in an update to its original security advisory that exploits have been...
VMware vCenter Server Heap Overflow Vulnerability
VMware vCenter Server is a virtualization management platform provided by VMware to centrally manage and monitor VMware vSphere virtualized environments. A heap overflow vulnerability exists in VMware vCenter Server due to a heap overflow vulnerability in VMware vCenter Server's implementation of...