VMSA-2025-0016: VMware vCenter and NSX

By Lerpong Intaraworrapath | October 4th, 2025

VMSA-2025-0016: VMware vCenter and NSX updates address multiple vulnerabilities (CVE-2025-41250, CVE-2025-41251, CVE-2025-41252)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

Advisory ID: VMSA-2025-0016
Advisory Severity: Important
CVSSv3 Range: 7.5 - 8.5
Synopsis: VMware vCenter and NSX updates address multiple vulnerabilities (CVE-2025-41250, CVE-2025-41251, CVE-2025-41252)
Issue date: 2025-09-29
Updated on: 2025-09-29 (Initial Advisory)
CVE(s): CVE-2025-41250, CVE-2025-41251, CVE-2025-41252

Impacted Products:

  • VMware NSX – 4.2.x, 4.1.x, 4.0.x
  • NSX-T – 3.x
  • VMware Cloud Foundation – 9.x.x.x, 5.x, 4.5.x
  • VMware vCenter Server – 8.0, 7.0
  • VMware Telco Cloud Platform – 5.x, 4.x, 3.x, 2.x
  • VMware Telco Cloud Infrastructure – 3.x, 2.x

Introduction

Multiple vulnerabilities in VMware vCenter and NSX were privately reported to Broadcom. Updates are available to remediate these vulnerabilities in affected Broadcom products.

A. vCenter SMTP header injection vulnerability (CVE-2025-41250)

B. NSX weak password recovery mechanism vulnerability (CVE-2025-41251)

C. NSX username enumeration vulnerability (CVE-2025-41252)

Reference

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

VMSA-2025-0015: VMware Aria Operations and VMware Tools

By Lerpong Intaraworrapath | October 4th, 2025

VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149

Advisory ID: VMSA-2025-0015
Advisory Severity: Important
CVSSv3 Range: 4.9 - 7.8
Synopsis: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246)
Issue date: 2025-09-29
Updated on: 2025-09-29 (Initial Advisory)
CVE(s): CVE-2025-41244, CVE-2025-41245, CVE-2025-41246

Impacted Products:

  • VMware Aria Operations – version 8.x
  • VMware Tools – 13.x.x, 12.x.x, 11.x.x
  • VMware Cloud Foundation – 5.x, 4.x, 9.x.x.x
  • VMware Telco Cloud Platform – 5.x, 4.x
  • VMware Telco Cloud Infrastructure – 3.x, 2.x

Introduction

Multiple vulnerabilities in VMware Aria Operations and VMware Tools were privately reported to Broadcom. Patches are available to remediate these vulnerabilities in affected Broadcom products.

A. Local privilege escalation vulnerability (CVE-2025-41244)

B. VMware Aria Operations information disclosure vulnerability (CVE-2025-41245)

C. VMware Tools improper authorisation vulnerability (CVE-2025-41246)

Reference

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149

vCenter Server shows unhealthy on the VAMI (port 5480) page.

By Lerpong Intaraworrapath | September 18th, 2025

We found that the vCenter Server appliance showed an unhealthy status in both the Overall Health alert and the Memory alert.

Expanding the Memory status alert shows the message:

Appliance is running low on memory. Add more memory to the machine

Steps

1. In a web browser, go to the vCenter Appliance Management Interface:

https://appliance-IP-address-or-FQDN:5480

2. We get an alert stating that the alert is for Overall Health.

3. We discovered that the Overall Health alert comes from the Memory alert.

4. We validated KB https://knowledge.broadcom.com/external/article/318571/appliance-is-running-low-on-memory-add-m.html and determined that it is not applicable.

5. Use the following command to check the per-CPU memory value:

# grep -i percpu /proc/meminfo

The value is not high (not more than 1GB).

6. The number of VMware Pod service restarts is low (0), as validated by the following command in a VCSA SSH session:

# journalctl -b 0 | grep "Started VMware Pod" | wc -l

7. The vCenter Server appliance is assigned 30GB of memory, which is insufficient to support 1300+ VMs.

vCenter Server Appliance configuration:

  • CPU: 8
  • Memory: 30GB
  • Disk: 1TB

8. We may look at the memory % history for the last year and the last month.

Based on the memory history, we can see that the memory percentage is sometimes above 80% and sometimes lower.

(Chart: memory usage, last month)

(Chart: memory usage, last year)

Memory usage is around 80%, which is what triggers the alert on the VAMI page.

We recommend increasing RAM from 30GB to 34GB or 36GB to manage 1300+ VMs.

Suggestions:

Increase the memory of the vCenter Server appliance as required by following the procedure below:

1. Log in to the ESXi Host UI and shut down the vCenter Server appliance.

2. Increase the memory.

3. Power on the vCenter Server appliance.
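The three checks from steps 5 to 7 (per-CPU memory, Pod restarts, and overall memory usage) can be scripted so the same reasoning can be re-run on any appliance. The script below is an added example and is not code from the original post or from VMware; the functions read from files, so on the VCSA you point them at /proc/meminfo and a saved journalctl dump, while here they run against constructed sample data. The 1GB and 80% thresholds are assumptions taken from the numbers in the post, not official VAMI alert thresholds.

```shell
#!/bin/sh
# Added example, not code from the original post: the checks from steps 5-7
# as functions that read from files. Point them at /proc/meminfo and a saved
# "journalctl -b 0" dump on the VCSA, or at the constructed samples below.

# Per-CPU memory in kB (the "Percpu:" line of a meminfo file).
percpu_kb() {
  awk '/^Percpu:/ { print $2 }' "$1"
}

# Memory in use as a percentage of MemTotal, using MemAvailable (rounded down).
mem_used_pct() {
  awk '/^MemTotal:/ { t = $2 } /^MemAvailable:/ { a = $2 }
       END { if (t > 0) print int((t - a) * 100 / t) }' "$1"
}

# Number of "Started VMware Pod" lines in a journalctl dump (Pod restarts).
# "|| true" keeps grep's exit status 1 on zero matches from aborting under set -e.
pod_restarts() {
  grep -c "Started VMware Pod" "$1" || true
}

# Classify the appliance the way the post reasons about it (assumed thresholds):
# Percpu above 1 GB points at a kernel-side cause that the post rules out first,
# any Pod restarts point at service instability, and ~80% usage with neither of
# those means the appliance is simply undersized for its inventory.
memory_verdict() {
  pc=$(percpu_kb "$1")
  used=$(mem_used_pct "$1")
  restarts=$(pod_restarts "$2")
  if [ "$pc" -gt 1048576 ]; then
    echo "percpu-high"
  elif [ "$restarts" -gt 0 ]; then
    echo "pod-restarts"
  elif [ "$used" -ge 80 ]; then
    echo "undersized"
  else
    echo "ok"
  fi
}

# Constructed sample data: a 30 GB appliance at about 81% usage with a small
# Percpu value and no Pod restarts, matching the situation in the post.
SAMPLE_MEMINFO=$(mktemp)
cat > "$SAMPLE_MEMINFO" <<'EOF'
MemTotal:       31457280 kB
MemFree:         1048576 kB
MemAvailable:    5898240 kB
Percpu:           262144 kB
EOF

# Constructed journal lines: services starting, but no "Started VMware Pod" entry.
SAMPLE_JOURNAL=$(mktemp)
cat > "$SAMPLE_JOURNAL" <<'EOF'
Sep 18 08:00:01 vcsa systemd[1]: Started vmon service (constructed line).
Sep 18 08:00:05 vcsa vmon[1234]: Starting services (constructed line).
EOF

# On the appliance: save the journal first, e.g. journalctl -b 0 > /tmp/journal.txt,
# then run memory_verdict /proc/meminfo /tmp/journal.txt
echo "percpu_kb=$(percpu_kb "$SAMPLE_MEMINFO") used_pct=$(mem_used_pct "$SAMPLE_MEMINFO") restarts=$(pod_restarts "$SAMPLE_JOURNAL") verdict=$(memory_verdict "$SAMPLE_MEMINFO" "$SAMPLE_JOURNAL")"
```

The verdict order matters: a high Percpu value or repeated Pod restarts would each need a different fix than adding RAM, so they are checked before the usage percentage, which is exactly the order the post works through in steps 5 to 7.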


Check replication agreement and status with vCenter Server using CLI

By Lerpong Intaraworrapath | September 3rd, 2025

This article explains how to use the vdcrepadmin command-line interface (CLI) to assess the vSphere domain and its vCenter Servers, and to check the replication agreements and replication status in an environment.

How does it work?

In this article, we will look at two vCenter Servers that have been set up with Enhanced Linked Mode.

Note that this requires Bash shell access to the appliance. To change from the appliance shell to the Bash shell, see Toggling the vCenter Server Appliance 6.x default shell.

1. SSH into vCenter Server T01 and use the following command to display all of the vCenter Servers within the vSphere domain.

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h localhost -u administrator

2. After you press Enter, you will be prompted for the password; type it and press Enter.

3. You will find the results below.

4. Use the following command to determine the current replication status of each replication partner.

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator

5. After you press Enter, you will be prompted for the password; type it and press Enter.

6. You will find the results below, from vCenter Server T01.

7. Then log in to vCenter Server T02 and run the command from step 4. The results are shown below.

Here we can see that both replication partners are 0 changes behind, and their change numbers match. Keep in mind that the two replication partners' change numbers may differ from one another; as long as each partner is independently 0 changes behind, replication is healthy.
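Reading the showpartnerstatus output by eye works for two vCenter Servers, but the "each partner independently at 0 changes behind, and reachable" rule from the paragraph above is easy to script for larger domains or for a scheduled check. The script below is an added example, not code from the original post or from VMware: it parses saved output of the step 4 command and flags any partner that is down or behind. The line layout it expects ("Partner:", "Host available:", "Partner is N changes behind.") is assumed from the KB the post references, so confirm it against your own output before relying on it; the sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not code from the original post or from VMware: parses saved
# output of
#   /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator
# and flags any partner that is unreachable or behind. The line layout is
# assumed from the KB the post references; confirm it against your own output.

# Print one line per partner: "<partner> <changes-behind> <host-available>".
partner_status() {
  awk '
    /^Partner: /                          { p = $2 }
    /^Host available: /                   { h = $3 }
    /^Partner is [0-9]+ changes behind/   { print p, $3, h }
  ' "$1"
}

# Exit 0 only when every partner is reachable and 0 changes behind. This is the
# per-partner rule from the post: two partners may show different change
# numbers and still pass, as long as each one is at 0 changes behind.
replication_ok() {
  partner_status "$1" | awk '$2 != "0" || $3 != "Yes" { bad = 1 } END { exit bad ? 1 : 0 }'
}

# Constructed sample: the healthy case from the post (T01 looking at T02).
SAMPLE_HEALTHY=$(mktemp)
cat > "$SAMPLE_HEALTHY" <<'EOF'
Partner: vcsa-t02.example.local
Host available: Yes
Status available: Yes
My last change number:             48213
Partner has seen my change number: 48213
Partner is 0 changes behind.
EOF

# Constructed sample of the failure mode: a second partner that is down and
# has fallen behind, which the check must report.
SAMPLE_LAGGING=$(mktemp)
cat > "$SAMPLE_LAGGING" <<'EOF'
Partner: vcsa-t02.example.local
Host available: Yes
Status available: Yes
My last change number:             48213
Partner has seen my change number: 48213
Partner is 0 changes behind.
Partner: vcsa-t03.example.local
Host available: No
Status available: No
My last change number:             48213
Partner has seen my change number: 48197
Partner is 16 changes behind.
EOF

# Usage on the appliance: save the command's output to a file and pass that
# file, e.g. vdcrepadmin ... > /tmp/partnerstatus.txt; replication_ok /tmp/partnerstatus.txt
for f in "$SAMPLE_HEALTHY" "$SAMPLE_LAGGING"; do
  partner_status "$f"
  if replication_ok "$f"; then echo "replication OK"; else echo "replication NEEDS ATTENTION"; fi
done
```

Run this from each vCenter Server in the domain, not just one, because the partner status is reported from the point of view of the node you query; a partner can look current from T01 while T02 itself reports a lag.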

Reference

Determining replication agreements and status with the Platform Services Controller (PSC)
https://knowledge.broadcom.com/external/article?legacyId=2127057

Toggling the vCenter Server Appliance default shell
https://knowledge.broadcom.com/external/article/319670

VMware Cloud Foundation Architecture Poster

By Lerpong Intaraworrapath | 7th August 2025


The VMware Cloud Foundation (VCF) Architecture poster has been updated and includes many of the new advancements introduced with the release of VCF 9. It provides a visual guide that outlines the key components and architecture that enable a software-defined data center (SDDC) and cloud operating model.

https://blogs.vmware.com/cloud-foundation/2025/08/04/vmware-cloud-foundation-architecture-poster

Download the VMware Cloud Foundation Architecture poster.

VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities

By Lerpong Intaraworrapath | July 22nd, 2025

VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877

Advisory ID: VMSA-2025-0013
Advisory Severity: Critical
CVSSv3 Range: 6.2 - 9.3
Synopsis: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)
Issue date: 2025-07-15
Updated on: 2025-07-15 (Initial Advisory)
CVE(s): CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239

Impacted Products

  • VMware Cloud Foundation
  • VMware vSphere Foundation
  • VMware ESXi
  • VMware Workstation Pro
  • VMware Fusion
  • VMware Tools
  • VMware Telco Cloud Platform
  • VMware Telco Cloud Infrastructure

Introduction

Multiple vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools were privately reported to Broadcom. Updates are available to remediate these vulnerabilities in affected Broadcom products. 

A. VMXNET3 integer-overflow vulnerability (CVE-2025-41236)

B. VMCI integer-underflow vulnerability (CVE-2025-41237)

C. PVSCSI heap-overflow vulnerability (CVE-2025-41238)

More here:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877

https://support.broadcom.com/web/ecx/security-advisory?

https://www.broadcom.com/support/vmware-services/security-response

https://support.broadcom.com/group/ecx/productlifecycle

https://blogs.vmware.com/security


VMware Aria Operations 8.18 Hot Fix 6

By Lerpong Intaraworrapath | 16th June 2025

Please be notified that VMware has released Aria Operations 8.18 HF6, which fixes a few problems and addresses numerous CVEs.

https://knowledge.broadcom.com/external/article?articleId=398034

https://support.broadcom.com/web/ecx/solutiondetails?patchId=5858

It may be applied to any 8.18.x environment and, when applied, moves you to 8.18.3 (24746341).

How to get the Pre-Upgrade Assessment Tool and patch file

  • Note: the steps below download the patch file, which you can then apply directly to VMware Aria Operations.

1. Go to https://support.broadcom.com and sign in with your credentials.

2. Go to “My Download” and select “VMware”.

3. Type “Aria” and click “Show Results”.

4. Select “VMware Aria Operations”.

5. Select “Solutions” and then “VMware Aria Operations”.

6. Go to “VMware-Aria-Operations-8.18-HF6”.

7. Download the following two files:

  1. APUAT-for-8.14.x-8.18.3.24576666.pak – Pre-Upgrade Readiness Assessment Tool for VMware Aria Operations
     https://knowledge.broadcom.com/external/article/324358/using-the-preupgrade-readiness-assessmen.html
  2. vRealize_Operations_Manager_With_CP-8.14.x-to-8.18.3.24746337.pak – patch file

8. Once downloaded, open the Admin UI at https://your_ops_fqdn_here/admin, navigate to Software Update – INSTALL A SOFTWARE UPDATE, and point it to the APUAT pak file.

9. Then apply HF6 from the same Software Update page: BROWSE to the patch pak file.

Reference

https://knowledge.broadcom.com/external/article?articleId=398034

https://knowledge.broadcom.com/external/article?articleNumber=342576

https://support.broadcom.com/web/ecx/solutiondetails?patchId=5858


VMware Cloud Foundation 9

By Lerpong Intaraworrapath | 2nd July 2025

As of today, VMware Cloud Foundation 9.0 is generally available.

VMware Cloud Foundation 9 (VCF 9) is being developed with the intention of simplifying how businesses deploy and manage contemporary infrastructure. It will enable enterprises to manage their whole infrastructure as a single, integrated system.

What’s New in VMware Cloud Foundation 9.0

https://blogs.vmware.com/cloud-foundation/2025/06/17/whats-new-in-vmware-cloud-foundation-9-0

Introducing VMware Cloud Foundation 9

https://blogs.vmware.com/cloud-foundation/2024/08/27/vmware-cloud-foundation-9

Broadcom TechDocs

https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-9-0-and-later/9-0.html

vCenter Server Services are not displayed on the “vCenter Appliance Availability” Dashboard.

By Lerpong Intaraworrapath | 3rd June 2025

In Aria Operations 8.18, you can monitor vCenter Server services from the vCenter Appliance Availability dashboard.

If you do not see vCenter and its services there, check the VMware Service Lifecycle Manager API service in the vCenter Appliance and start it. (In vCenter Server Management 8.0.3 and above, the startup type must also be set to Automatic.)

Step-by-Step

1. Log in to Aria Operations and go to “Operations”, then “Dashboards”, to find the “vCenter Appliance Availability” dashboard.

2. When you click on the vCenter Server, the vCenter Server is not shown at all, and you receive the message “The view cannot be rendered for the specified Object”.

3. Log in to the vCenter Server Appliance.

4. In a web browser, go to the vCenter Server Appliance Management Interface, https://appliance-IP-address-or-FQDN:5480.

5. You have to start the “VMware Service Lifecycle Manager API” service from the vCenter Appliance. (In vCenter Server Management 8.0.3 and above, the startup type must also be set to Automatic.)

6. Navigate to “Services” and select “VMware Service Lifecycle Manager API”.

7. Click “START”, then select “SET STARTUP TYPE”.

8. Set Service Startup Type to “Automatic” and click “SET”.

9. Wait 5 to 10 minutes, then log back in to Aria Operations and open the “vCenter Appliance Availability” dashboard. Select “vCenter Server”, and the vCenter Server services will appear.

Reference

https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/6-7/configuring-vcenter-server-6-7/configuring-vcenter-server-using-the-management-interface/log-in-to-the-vcenter-server-management-interface.html

https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-configuration-guide-8-18/connect-to-data-sources/vmware-infrastructure-health/vcenter-services-in-vmware-infra-health.html

VMSA-2025-0008 | VMware Aria Automation

By Lerpong Intaraworrapath | May 16th, 2025

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25711

Advisory ID: VMSA-2025-0008
Advisory Severity: Important
CVSSv3 Range: 8.2
Synopsis: VMware Aria Automation updates address a DOM-based Cross-site scripting vulnerability (CVE-2025-22249)
Issue date: 2025-05-12
Updated on: 2025-05-12 (Initial Advisory)
CVE(s): CVE-2025-22249

Impacted Products:

  • VMware Aria Automation
  • VMware Cloud Foundation
  • VMware Telco Cloud Platform

Introduction:

A DOM-based Cross-Site Scripting (XSS) vulnerability in VMware Aria Automation was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.

DOM-based Cross-Site Scripting (XSS) vulnerability (CVE-2025-22249)

Description:

VMware Aria Automation contains a DOM-based Cross-Site Scripting (XSS) vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.2.

Known Attack Vectors:

A malicious actor may exploit this issue to steal the access token of a logged-in user of the VMware Aria Automation appliance by tricking the user into clicking a maliciously crafted payload URL.

Resolution:

To remediate CVE-2025-22249, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

Workarounds:

None.

Additional Documentation:

None.

Acknowledgements:

VMware would like to thank Bartosz Reginiak for reporting this issue to us.

Notes:

None.

Response Matrix:

Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documents
VMware Aria Automation | 8.18.x | Any | CVE-2025-22249 | 8.2 | Important | 8.18.1 patch 2 | None | None
VMware Cloud Foundation | 5.x, 4.x | Any | CVE-2025-22249 | 8.2 | Important | KB394224 | None | None
VMware Telco Cloud Platform | 5.x | Any | CVE-2025-22249 | 8.2 | Important | 8.18.1 patch 2 | None | None

References:

Fixed Version(s) and Release Notes:
Downloads and Documentation

Additional Documentation:

None.

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22249

FIRST CVSSv3 Calculator:

https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Change Log:

2025-05-12: VMSA-2025-0008
Initial security advisory.

Reference:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25711