6 matches found
VMware vCenter Server 7.0.x < 7.0 U3w / 8.0.x < 8.0 U3g SMTP Header Injection (VMSA-2025-0016)
The version of VMware vCenter Server installed on the remote host is 7.0.x prior to 7.0 U3w, or 8.0.x prior to 8.0 U3g. It is, therefore, affected by a vulnerability as referenced in the VMSA-2025-0016 advisory: - VMware vCenter contains an SMTP header injection vulnerability. A malicious actor...
VMware Tools 11.x < 12.5.4 / 13.x < 13.0.5 Multiple Vulnerabilities (VMSA-2025-0015)
The version of VMware Tools installed on the remote host is 11.x or 12.x prior to 12.5.4, or 13.x prior to 13.0.5. It is, therefore, affected by multiple vulnerabilities as disclosed in the VMSA-2025-0015 advisory: - VMware Aria Operations and VMware Tools contain a local privilege escalation...
VMware vCenter Server 7.0.x < 7.0 U3v / 8.0.x < 8.0 U3g DoS (VMSA-2025-0014)
The version of VMware vCenter Server installed on the remote host is 7.0.x prior to 7.0 U3v, or 8.0.x prior to 8.0 U3g. It is, therefore, affected by a vulnerability as referenced in the VMSA-2025-0014 advisory. A malicious actor who is authenticated through vCenter and has permission to perform...
VMware vCenter Server 7.0.x < 7.0 U3v / 8.0.x < 8.0 U3e Authenticated Command Execution (CVE-2025-41225) (VMSA-2025-0010)
The version of VMware vCenter Server installed on the remote host is 7.0.x prior to 7.0 U3v, 8.0.x prior to 8.0 U3e. It is, therefore, affected by a vulnerability as referenced in the VMSA-2025-0010 advisory. - The vCenter Server contains an authenticated command-execution vulnerability...
CVE-2025-22249
CVE-2025-22249 is a DOM-based Cross‑Site Scripting (XSS) flaw in VMware Aria Automation. Affected product: VMware Aria Automation (8.18.x line). Root cause: DOM-based XSS that enables an attacker to steal the access token of a logged-in user by convincing the user to click a malicious crafted pay...
VMSA-2025-0003: VMware Aria Operations for Logs and VMware Aria Operations updates address multiple vulnerabilities (CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221 and CVE-2025-22222)
Advisory ID: | VMSA-2025-0003 ---|--- Advisory Severity: | Important CVSSv3 Range: | 5.2-8.5 Synopsis: | VMware Aria Operations for Logs and VMware Aria Operations updates address multiple vulnerabilities CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, CVE-2025-22222 Issue date: |...