SecurityWeek
High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter

The flaws could allow attackers to escalate privileges, manipulate notifications, and enumerate usernames.

Broadcom on Monday announced patches for six vulnerabilities affecting VMware Aria Operations, NSX, vCenter, and VMware Tools products, including four high-severity flaws.

Both Aria Operations and VMware Tools are impacted by a high-severity local privilege escalation bug tracked as CVE-2025-41244.

“A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM,” the vendor explains.

Patches have also been rolled out for a medium-severity issue in VMware Aria Operations that could allow attackers to disclose the credentials of other users (CVE-2025-41245), and a high-severity defect in Tools for Windows that could allow attackers to access other guest VMs (CVE-2025-41246).

Fixes for these vulnerabilities were included in Aria Operations version 8.18.5, Cloud Foundation and vSphere Foundation versions 9.0.1.0 and 13.0.5.0, VMware Tools versions 13.0.5 and 12.5.4, and Telco Cloud Infrastructure versions 8.18.5 and 8.18.5.

VMware resolved a high-severity SMTP header injection bug (CVE-2025-41250) in vCenter that could allow an authenticated attacker with non-administrative privileges to “manipulate the notification emails sent for scheduled tasks”.

Additionally, it patched two high-severity flaws in NSX that could allow attackers to enumerate valid usernames.

The first, CVE-2025-41251, is described as a weak password recovery mechanism issue that could lead to brute-force attacks, while the second, CVE-2025-41252, is described as a username enumeration defect that could lead to unauthorized access attempts.

Cloud Foundation and vSphere Foundation version 9.0.1.0, vCenter versions 8.0 U3g and 7.0 U3w, Cloud Foundation versions 5.2.2 and 7.0 U3w (async patch), NSX versions 4.2.2.2, 4.2.3.1, and 4.1.2.7, and NSX-T version 3.2.4.3 contain fixes for these flaws. VMware also published patch instructions for Cloud Foundation and Telco Cloud Infrastructure.

VMware makes no mention of any of these vulnerabilities being exploited in the wild. However, users are advised to update their deployments as soon as possible.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
