Broadcom Releases Important Security Updates for VMware Aria Operations, Tools, vCenter, and NSX

Broadcom has recently released new security advisories detailing multiple vulnerabilities affecting VMware Aria Operations, VMware Tools, VMware vCenter, NSX, and related products. The advisories warn of several high-severity flaws, including local privilege escalation, information disclosure, improper authorization, SMTP header injection, and username enumeration vulnerabilities. Updated patches are now available to mitigate these risks.

The first advisory (VMSA-2025-0015) addresses three vulnerabilities with CVSS v3 scores ranging from 4.9 to 7.8 affecting VMware Aria Operations, VMware Tools, VMware Cloud Foundation, VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure.

  • CVE-2025-41244 – Local Privilege Escalation where a malicious local user with limited privileges on a VM running VMware Tools and managed by Aria Operations (with SDMP enabled) can escalate privileges to root. Rated Important (CVSS 7.8), this flaw requires patching to prevent unauthorized administrative control.
  • CVE-2025-41245 – Information Disclosure where an attacker with non-admin access in Aria Operations may disclose credentials of other users. This vulnerability has a moderate severity (CVSS 4.9) but still poses significant risk to credential confidentiality.
  • CVE-2025-41246 – Improper Authorization in VMware Tools (Windows only) where an attacker with limited privileges and knowledge of the target VM and vCenter credentials may gain access to other guest VMs. The CVSS score is 7.6. Linux and macOS versions are not affected.

Patches addressing these vulnerabilities are included in VMware Aria Operations 8.18.5, VMware Tools 12.5.4/13.0.5, VMware Cloud Foundation 9.0.1.0, and the relevant Telco Cloud releases. No workarounds are available, so patching is crucial. Visit the official advisory for further specification and update information.

The second advisory (VMSA-2025-0016) reveals three high-severity vulnerabilities impacting VMware vCenter Server, NSX-T Data Center, VMware Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure, with CVSS scores from 7.5 to 8.5.

  • CVE-2025-41250 – SMTP Header Injection in vCenter where a user with non-administrative vCenter access and permission to schedule tasks can manipulate notification emails, potentially leading to spoofing or phishing risks. This issue scores 8.5 on CVSS and requires immediate patching.
  • CVE-2025-41251 – Weak Password Recovery Mechanism in NSX allows unauthenticated attackers to enumerate valid usernames, facilitating brute-force attempts. Rated 8.1 on CVSS, it affects multiple NSX versions.
  • CVE-2025-41252 – Username Enumeration in NSX (similar to CVE-2025-41251) lets attackers probe valid usernames and attempt unauthorized access (CVSS 7.5).

Fixed versions for affected components include VMware Cloud Foundation 9.0.1.0, VMware NSX 4.2.3.1/4.2.2.2/4.1.2.7, NSX-T 3.2.4.3, and multiple Telco Cloud releases. No known workarounds exist, so patching is crucial. Visit the official advisory for further specification and update information.
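Because both advisories list fixed builds on several parallel release branches (for example NSX 4.2.3.1, 4.2.2.2 and 4.1.2.7), a plain "newer is better" comparison gets the answer wrong for a host on an older branch. The following branch-aware inventory check is an added example, not Broadcom's tooling; it assumes a build is patched only when it sits on the branch of a listed fixed build and is not older than it, and it flags branches with no listed fix for manual review. Hostnames and versions in the sample are constructed.

```python
"""Branch-aware check of installed VMware versions against the fixed builds
named in VMSA-2025-0015 / VMSA-2025-0016 (as quoted in the post above).
Assumption (added example, not Broadcom's tooling): a build counts as patched
only if it is on the branch of a listed fixed build (branch = fixed version
minus its last component) and is not older than it; other branches are flagged.
"""

# Fixed versions exactly as the post lists them.
FIXED_VERSIONS = {
    "aria-operations": ["8.18.5"],
    "vmware-tools": ["12.5.4", "13.0.5"],
    "nsx": ["4.2.3.1", "4.2.2.2", "4.1.2.7"],
    "nsx-t": ["3.2.4.3"],
    "cloud-foundation": ["9.0.1.0"],
}

def parse_version(text: str) -> tuple[int, ...]:
    """'4.2.3.1' -> (4, 2, 3, 1), so tuples compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def patch_status(product: str, installed: str) -> str:
    """Return 'fixed', 'vulnerable' or 'no-fixed-build-on-branch'."""
    have = parse_version(installed)
    for fixed_text in FIXED_VERSIONS[product]:
        fixed = parse_version(fixed_text)
        branch = fixed[:-1]  # e.g. (4, 2, 2) for 4.2.2.2
        if have[: len(branch)] == branch:
            return "fixed" if have >= fixed else "vulnerable"
    return "no-fixed-build-on-branch"

def triage(inventory: list[tuple[str, str, str]]) -> dict[str, list[str]]:
    """Group hosts by status for (host, product, version) records."""
    report: dict[str, list[str]] = {}
    for host, product, version in inventory:
        report.setdefault(patch_status(product, version), []).append(host)
    return report

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [
        ("nsx-mgr-01", "nsx", "4.2.2.5"),   # 4.2.2 branch, at/after 4.2.2.2
        ("nsx-edge-02", "nsx", "4.2.3.0"),  # 4.2.3 branch, below 4.2.3.1
        ("nsx-mgr-03", "nsx", "4.2.1.0"),   # no listed fix on 4.2.1
        ("win-vm-07", "vmware-tools", "13.0.4"),
        ("aria-01", "aria-operations", "8.18.4"),
    ]
    for status, hosts in triage(sample).items():
        print(f"{status}: {', '.join(hosts)}")
```

A host reported as "no-fixed-build-on-branch" is not known to be safe; it simply has no listed fixed build on its branch and needs to be moved to one that does.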

These vulnerabilities collectively expose VMware environments to significant risk, including privilege escalation, credential exposure, unauthorized access, and email manipulation. Given the critical role VMware products play in enterprise infrastructure, patching affected systems is strongly recommended as soon as possible.

These critical updates underscore the importance of timely patching to protect VMware environments from privilege escalation, information disclosure, and authorization vulnerabilities. Administrators are strongly advised to apply the latest fixes promptly to safeguard their infrastructure and maintain operational integrity.

