Vulnerabilities

VMware vCenter Server Vulnerability Exploited in Wild 

VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild. 

VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild. 

VMware is warning customers that CVE-2023-34048, a critical vCenter Server vulnerability patched in October 2023, is being exploited in the wild.

CVE-2023-34048 has been described as an out-of-bounds write issue related to the implementation of the DCERPC protocol. It can allow an attacker who has network access to vCenter Server to remotely execute arbitrary code.

The issue, discovered by Grigory Dorodnov of Trend Micro’s Zero Day Initiative, was deemed so critical that VMware decided to release patches in October even for versions of the product that have reached an end-of-life (EoL) status.

VMware has now updated its initial security advisory to inform customers that it has confirmed exploitation of CVE-2023-34048 in the wild. 

No information appears to be available at the time of writing on the attacks exploiting the vCenter Server vulnerability. 

A public PoC exploit does not appear to exist, but technical details have been available since early December.

Advertisement. Scroll to continue reading.

According to data from the Shadowserver Foundation, there are currently hundreds of potentially vulnerable internet-exposed instances of VMware vCenter Server.

It’s not uncommon for VMware products to be targeted by malicious actors in their attacks. The known exploited vulnerabilities catalog maintained by the US security agency CISA currently includes 21 VMware product flaws

Related: CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws

Related: VMware Urges Customers to Patch Critical Aria Automation Vulnerability 

Related: Critical Authentication Bypass Flaw in VMware Cloud Director Appliance

Related Content

Ransomware

The Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released.

Vulnerabilities

The critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product.

Malware & Threats

The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling.

ICS/OT

CISA has added the remote code execution flaw CVE-2026-12569 to its Known Exploited Vulnerabilities catalog.

ICS/OT

The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.

Vulnerabilities

CVE-2026-20245, the 7th Cisco SD-WAN vulnerability exploited in 2026, was used for months prior to its disclosure and patching.

Vulnerabilities

The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands.

Network Security

Cisco noted that a PoC had been available for CVE-2026-20230 when it announced patches in early June.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version