Category: VCF 9

VMSA-2025-0016: VMware vCenter and NSX

By Lerpong Intaraworrpath | October 4th, 2025

VMSA-2025-0016: VMware vCenter and NSX updates address multiple vulnerabilities (CVE-2025-41250, CVE-2025-41251, CVE-2025-41252)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

Advisory ID: VMSA-2025-0016
Advisory Severity:Important
CVSSv3 Range:7.5 -8.5
Synopsis:VMware vCenter and NSX updates address multiple vulnerabilities (CVE-2025-41250, CVE-2025-41251, CVE-2025-41252)
Issue date:2025-09-29
Updated on:2025-09-29 (Initial Advisory)
CVE(s)CVE-2025-41250, CVE-2025-41251, CVE-2025-41252

Impacted Products:

  • VMware NSX – 4.2.x, 4.1.x, 4.0.x
  • NSX-T – 3.x
  • VMware Cloud Foundation – 9.x.x.x, 5.x, 4.5.x
  • VMware vCenter Server -8.0, 7.0
  • VMware Telco Cloud Platform – 5.x, 4.x, 3.x, 2.x
  • VMware Telco Cloud Infrastructure – 3.x, 2.x

Introduction

Multiple vulnerabilities in VMware vCenter and NSX were privately reported to Broadcom. Updates are available to remediate these vulnerabilities in affected Broadcom products.

A.vCenter SMTP header injection vulnerability (CVE-2025-41250)

B.NSX weak password recovery mechanism vulnerability (CVE-2025-41251)

C.NSX username enumeration vulnerability (CVE-2025-41252)

Reference

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

VMSA-2025-0015: VMware Aria Operations and VMware Tools

By Lerpong Intaraworrpath | October 4th, 2025

VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149

Advisory ID: VMSA-2025-0015
Advisory Severity:Important
CVSSv3 Range:4.9 -7.8
Synopsis:VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)
Issue date:2025-09-29
Updated on:2025-09-29 (Initial Advisory)
CVE(s)CVE-2025-41244, CVE-2025-41245, CVE-2025-41246

Impacted Products:

  • VMware Aria Operations – version 8.x
  • VMware Tools – 13.x.x, 12.x.x, 11.x.x
  • VMware Cloud Foundation – 5.x, 4.x, 9.x.x.x
  • VMware Telco Cloud Platform – 5.x, 4.x
  • VMware Telco Cloud Infrastructure – 3.x, 2.x

Introduction

Multiple vulnerabilities in VMware Aria Operations and VMware Tools were privately reported to Broadcom. Patches are available to remediate these vulnerabilities in affected Broadcom products.

A.Local privilege escalation vulnerability (CVE-2025-41244)

B.VMware Aria Operations Information disclosure vulnerability (CVE-2025-41245)

C.VMware Tools improper authorisation vulnerability (CVE-2025-41246)

Reference

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149

VMware Cloud Foundation Architecture Poster

By Lerpong Intaraworrapath | 7th August 2025

VMware Cloud Foundation Architecture Poster

The VMware Cloud Foundation (VCF) Architecture poster has been updated and includes many of the new advancements introduced with the release of VCF 9. It provides a visual guide that outlines the key components and architecture that enable a software-defined data center (SDDC) and cloud operating model.

https://blogs.vmware.com/cloud-foundation/2025/08/04/vmware-cloud-foundation-architecture-poster

Download the VMware Cloud Foundation Architecture poster.

VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities

By Lerpong Intaraworrapath | July 22nd, 2025

VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877

Advisory ID: VMSA-2025-0013
Advisory Severity:Critical
CVSSv3 Range:6.2-9.3
Synopsis:VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)
Issue date:2025-07-15
Updated on:2025-07-15 (Initial Advisory)
CVE(s)CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239

Impacted Products

  • VMware Cloud Foundation
  • VMware vSphere Foundation
  • VMware ESXi
  • VMware Workstation Pro
  • VMware Fusion
  • VMware Tools
  • VMware Telco Cloud Platform
  • VMware Telco Cloud Infrastructure

Introduction

Multiple vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools were privately reported to Broadcom. Updates are available to remediate these vulnerabilities in affected Broadcom products. 

A.VMXNET3 integer-overflow vulnerability (CVE-2025-41236) 

B.VMCI integer-underflow vulnerability (CVE-2025-41237) 

C.PVSCSI heap-overflow vulnerability (CVE-2025-41238)

More here:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877

https://support.broadcom.com/web/ecx/security-advisory?

https://www.broadcom.com/support/vmware-services/security-response

https://support.broadcom.com/group/ecx/productlifecycle

https://blogs.vmware.com/security


VMware Cloud Foundation 9

By Lerpong Intaraworrapath | 2nd July 2025

As of today, VMware Cloud Foundation 9.0 is generally available.

VMware Cloud Foundation 9 (VCF 9) is being developed with the intention of simplifying how businesses deploy and manage contemporary infrastructure. It will enable enterprises to manage their whole infrastructure as a single, integrated system.

What’s New in VMware Cloud Foundation 9.0

https://blogs.vmware.com/cloud-foundation/2025/06/17/whats-new-in-vmware-cloud-foundation-9-0

Introducing VMware Cloud Foundation 9

https://blogs.vmware.com/cloud-foundation/2024/08/27/vmware-cloud-foundation-9

Broadcom TechDocs

https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-9-0-and-later/9-0.html