VMSA-2025-0016: VMware vCenter and NSX

By Lerpong Intaraworrapath | October 4th, 2025

VMSA-2025-0016: VMware vCenter and NSX updates address multiple vulnerabilities (CVE-2025-41250, CVE-2025-41251, CVE-2025-41252)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

Advisory ID: VMSA-2025-0016
Advisory Severity: Important
CVSSv3 Range: 7.5 - 8.5
Synopsis: VMware vCenter and NSX updates address multiple vulnerabilities (CVE-2025-41250, CVE-2025-41251, CVE-2025-41252)
Issue date: 2025-09-29
Updated on: 2025-09-29 (Initial Advisory)
CVE(s): CVE-2025-41250, CVE-2025-41251, CVE-2025-41252

Impacted Products:

  • VMware NSX – 4.2.x, 4.1.x, 4.0.x
  • NSX-T – 3.x
  • VMware Cloud Foundation – 9.x.x.x, 5.x, 4.5.x
  • VMware vCenter Server – 8.0, 7.0
  • VMware Telco Cloud Platform – 5.x, 4.x, 3.x, 2.x
  • VMware Telco Cloud Infrastructure – 3.x, 2.x

Introduction

Multiple vulnerabilities in VMware vCenter and NSX were privately reported to Broadcom. Updates are available to remediate these vulnerabilities in affected Broadcom products.

A. vCenter SMTP header injection vulnerability (CVE-2025-41250)

B. NSX weak password recovery mechanism vulnerability (CVE-2025-41251)

C. NSX username enumeration vulnerability (CVE-2025-41252)

Reference

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150

VMSA-2025-0015: VMware Aria Operations and VMware Tools

By Lerpong Intaraworrapath | October 4th, 2025

VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149

Advisory ID: VMSA-2025-0015
Advisory Severity: Important
CVSSv3 Range: 4.9 - 7.8
Synopsis: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246)
Issue date: 2025-09-29
Updated on: 2025-09-29 (Initial Advisory)
CVE(s): CVE-2025-41244, CVE-2025-41245, CVE-2025-41246

Impacted Products:

  • VMware Aria Operations – version 8.x
  • VMware Tools – 13.x.x, 12.x.x, 11.x.x
  • VMware Cloud Foundation – 5.x, 4.x, 9.x.x.x
  • VMware Telco Cloud Platform – 5.x, 4.x
  • VMware Telco Cloud Infrastructure – 3.x, 2.x

Introduction

Multiple vulnerabilities in VMware Aria Operations and VMware Tools were privately reported to Broadcom. Patches are available to remediate these vulnerabilities in affected Broadcom products.

A. Local privilege escalation vulnerability (CVE-2025-41244)

B. VMware Aria Operations information disclosure vulnerability (CVE-2025-41245)

C. VMware Tools improper authorisation vulnerability (CVE-2025-41246)

Reference

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149

VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities

By Lerpong Intaraworrapath | July 22nd, 2025

VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877

Advisory ID: VMSA-2025-0013
Advisory Severity: Critical
CVSSv3 Range: 6.2 - 9.3
Synopsis: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)
Issue date: 2025-07-15
Updated on: 2025-07-15 (Initial Advisory)
CVE(s): CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239

Impacted Products

  • VMware Cloud Foundation
  • VMware vSphere Foundation
  • VMware ESXi
  • VMware Workstation Pro
  • VMware Fusion
  • VMware Tools
  • VMware Telco Cloud Platform
  • VMware Telco Cloud Infrastructure

Introduction

Multiple vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools were privately reported to Broadcom. Updates are available to remediate these vulnerabilities in affected Broadcom products. 

A. VMXNET3 integer-overflow vulnerability (CVE-2025-41236)

B. VMCI integer-underflow vulnerability (CVE-2025-41237)

C. PVSCSI heap-overflow vulnerability (CVE-2025-41238)

More here:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877

https://support.broadcom.com/web/ecx/security-advisory?

https://www.broadcom.com/support/vmware-services/security-response

https://support.broadcom.com/group/ecx/productlifecycle

https://blogs.vmware.com/security


VMware Aria Operations 8.18 Hot Fix 6

By Lerpong Intaraworrapath | 16th June 2025

Please be notified that VMware has released Aria Operations 8.18 HF6, which fixes a few problems and addresses numerous CVEs.

https://knowledge.broadcom.com/external/article?articleId=398034

https://support.broadcom.com/web/ecx/solutiondetails?patchId=5858

It can be applied to any 8.18.x environment and, once applied, moves the deployment to 8.18.3 (build 24746341).

How to get the Pre-Upgrade Assessment Tool and the patch file

  • Note: the steps below download the patch file that you can apply directly to VMware Aria Operations.

1. Go to https://support.broadcom.com and sign in with your credentials.

2. Go to “My Download” and select “VMware”.

3. Type “Aria” and click “Show Results”.

4. Select “VMware Aria Operations”.

5. Select “Solutions” and then “VMware Aria Operations”.

6. Go to “VMware-Aria-Operations-8.18-HF6”.

7. Download the two files:

  1. APUAT-for-8.14.x-8.18.3.24576666.pak – Pre-Upgrade Readiness Assessment Tool for VMware Aria Operations
     https://knowledge.broadcom.com/external/article/324358/using-the-preupgrade-readiness-assessmen.html
  2. vRealize_Operations_Manager_With_CP-8.14.x-to-8.18.3.24746337.pak – the HF6 patch file

8. Once downloaded, open the Admin UI at https://your_ops_fqdn_here/admin, navigate to Software Update > INSTALL A SOFTWARE UPDATE and point it to the APUAT .pak file, so that the readiness assessment runs before the patch is applied.

9. Then apply HF6 from the same Software Update page: BROWSE to the patch .pak file and install it.

Reference

https://knowledge.broadcom.com/external/article?articleId=398034

https://knowledge.broadcom.com/external/article?articleNumber=342576

https://support.broadcom.com/web/ecx/solutiondetails?patchId=5858


VMSA-2025-0008 | VMware Aria Automation

By Lerpong Intaraworrapath | May 16th, 2025

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25711

Advisory ID: VMSA-2025-0008
Advisory Severity: Important
CVSSv3 Range: 8.2
Synopsis: VMware Aria Automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)
Issue date: 2025-05-12
Updated on: 2025-05-12 (Initial Advisory)
CVE(s): CVE-2025-22249

Impacted Products:

  • VMware Aria Automation
  • VMware Cloud Foundation
  • VMware Telco Cloud Platform

Introduction:

 A DOM based Cross-Site Scripting (XSS) vulnerability in VMware Aria Automation was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. 

DOM based Cross-site scripting(XSS) vulnerability (CVE-2025-22249)

Description:

VMware Aria Automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.2.

Known Attack Vectors:

A malicious actor may exploit this issue to steal the access token of a logged-in user of the VMware Aria Automation appliance by tricking the user into clicking a maliciously crafted URL.

Resolution:

To remediate CVE-2025-22249, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

Workarounds:

None.

Additional Documentation:

None.

Acknowledgements:

VMware would like to thank Bartosz Reginiak for reporting this issue to us.

Notes:

None.

Response Matrix:

Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documents
VMware Aria Automation | 8.18.x | Any | CVE-2025-22249 | 8.2 | Important | 8.18.1 patch 2 | None | None
VMware Cloud Foundation | 5.x, 4.x | Any | CVE-2025-22249 | 8.2 | Important | KB394224 | None | None
VMware Telco Cloud Platform | 5.x | Any | CVE-2025-22249 | 8.2 | Important | 8.18.1 patch 2 | None | None

References:

Fixed Version(s) and Release Notes:
Downloads and Documentation

Additional Documentation:

None.

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22249

FIRST CVSSv3 Calculator:

https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Change Log:

2025-05-12: VMSA-2025-0008
Initial security advisory.

Note:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25711

VMSA-2025-0006 | VMware Aria Operations

By Lerpong Intaraworrapath | April 2nd, 2025

VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25541

Advisory ID: VMSA-2025-0006
Advisory Severity: Important
CVSSv3 Range: 7.8
Synopsis: VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
Issue date: 2025-04-01
Updated on: 2025-04-01 (Initial Advisory)
CVE(s): CVE-2025-22231

Impacted Products:

  • VMware Aria Operations
  • VMware Cloud Foundation
  • VMware Telco Cloud Platform
  • VMware Telco Cloud Infrastructure

Introduction:

A local privilege escalation vulnerability in VMware Aria Operations was responsibly reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. 

Local Privilege escalation vulnerability (CVE-2025-22231)

Description:

 VMware Aria Operations contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.

Known Attack Vectors:

A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.

Resolution:

To remediate CVE-2025-22231 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds:

None.

Additional Documentation:

None.

Acknowledgements:

VMware would like to thank thiscodecc of MoyunSec Vlab and Bing for reporting this issue to us.

Notes:

None.

Response Matrix:

Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documents
VMware Aria Operations | 8.x | Any | CVE-2025-22231 | 7.8 | Important | 8.18 HF 5 | None | None
VMware Cloud Foundation | 5.x, 4.x | Any | CVE-2025-22231 | 7.8 | Important | KB article | None | None
VMware Telco Cloud Platform | 5.x, 4.x, 3.x | Any | CVE-2025-22231 | 7.8 | Important | 8.18 HF 5 | None | None
VMware Telco Cloud Infrastructure | 3.x, 2.x | Any | CVE-2025-22231 | 7.8 | Important | 8.18 HF 5 | None | None

References:

Fixed Version(s) and Release Notes:
Downloads and Documentation

Additional Documentation:

None.

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22231

FIRST CVSSv3 Calculator:

https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Change Log:

2025-04-01: VMSA-2025-0006
Initial security advisory.

Note:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25541




VMSA-2025-0002 | VMware Avi Load Balancer

By Lerpong Intaraworrapath | March 18th, 2025

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346

Advisory ID: VMSA-2025-0002
Advisory Severity: Important
CVSSv3 Range: 8.6
Synopsis: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)
Issue date: 2025-01-28
Updated on: 2025-01-28 (Initial Advisory)
CVE(s): CVE-2025-22217

Impacted Products:

  • VMware Avi Load Balancer

Introduction:

Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. 

Description:

VMware Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6.

Known Attack Vectors:

A malicious user with network access may be able to use specially crafted SQL queries to gain database access.

Resolution:

To remediate CVE-2025-22217 apply the patches to the Avi Controller listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Response Matrix:

Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documents
VMware Avi Load Balancer | 30.1.1 | Any | CVE-2025-22217 | 8.6 | Important | 30.1.2-2p2 | None | None
VMware Avi Load Balancer | 30.1.2 | Any | CVE-2025-22217 | 8.6 | Important | 30.1.2-2p2 | None | None
VMware Avi Load Balancer | 30.2.1 | Any | CVE-2025-22217 | 8.6 | Important | 30.2.1-2p5 | None | None
VMware Avi Load Balancer | 30.2.2 | Any | CVE-2025-22217 | 8.6 | Important | 30.2.2-2p2 | None | None

References:

Fixed Version(s) and Release Notes:

30.1.1/30.1.2
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html

30.2.1
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html

30.2.2
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html

Additional Documentation:

  • Version 22.x and 21.x are not vulnerable.
  • Version 30.1.1 must be upgraded to 30.1.2 or later before the patch can be applied.
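The response matrix and the two notes above give three different outcomes for an installed controller: not vulnerable (21.x, 22.x), vulnerable and patch directly (30.1.2, 30.2.1, 30.2.2), or vulnerable but upgrade to 30.1.2 before the patch can be applied (30.1.1). The Python below is an added triage helper written for this page, not VMware or Avi code: it encodes the matrix exactly as published, parses the "30.1.2-2p2" style version strings (the suffix layout is inferred from the strings on this page, which is an assumption, as is the assumption that a later build of the same fixed release still carries the fix), and classifies an inventory. The controller names and versions in the sample are constructed.

```python
import re

# Response Matrix from VMSA-2025-0002 (CVE-2025-22217): affected 30.x release -> fixed patch build.
# 22.x and 21.x are listed as not vulnerable. Any other branch is simply not in the matrix.
FIXED_BUILDS = {
    "30.1.1": "30.1.2-2p2",
    "30.1.2": "30.1.2-2p2",
    "30.2.1": "30.2.1-2p5",
    "30.2.2": "30.2.2-2p2",
}
NOT_VULNERABLE_MAJORS = {21, 22}

# Version strings look like "30.1.2" or "30.1.2-2p2" (release, then an optional build/patch suffix).
# Assumption: this layout is inferred from the strings in the advisory, not from Avi documentation.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+)p(\d+))?$")


def parse_version(text):
    """Turn '30.2.1-2p5' into a comparable tuple (30, 2, 1, 2, 5); a bare release gets (.., 0, 0)."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Avi version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def cve_2025_22217_status(installed):
    """Classify one Avi Controller version against the advisory's response matrix."""
    v = parse_version(installed)
    release = f"{v[0]}.{v[1]}.{v[2]}"
    if v[0] in NOT_VULNERABLE_MAJORS:
        return "not vulnerable"
    if release not in FIXED_BUILDS:
        # Neither fixed nor listed as safe: do not assume either way, read the advisory.
        return "not in response matrix"
    fixed = FIXED_BUILDS[release]
    # Assumption: a later build/patch of the same fixed release keeps the fix.
    if v >= parse_version(fixed):
        return "patched"
    if release == "30.1.1":
        # Additional Documentation: 30.1.1 cannot take the patch directly.
        return "vulnerable: upgrade to 30.1.2 first, then apply " + fixed
    return "vulnerable: apply " + fixed


def triage(inventory):
    """inventory: {controller name: version string} -> {controller name: status}."""
    return {name: cve_2025_22217_status(ver) for name, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    sample = {
        "avi-ctl-dc1": "30.1.1",
        "avi-ctl-dc2": "30.1.2-2p1",
        "avi-ctl-dc3": "30.2.1-2p5",
        "avi-ctl-lab": "22.1.6",
        "avi-ctl-new": "31.1.1",
    }
    for name, status in triage(sample).items():
        print(f"{name:12} {sample[name]:12} {status}")
```

A version the matrix does not mention is reported as such rather than as safe; the advisory is the authority for anything outside the listed branches.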

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22217

FIRST CVSSv3 Calculator:

https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Note:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346



VMSA-2025-0001 | VMware Aria Automation

By Lerpong Intaraworrapath | March 11th, 2025

VMware Aria Automation update addresses a server side request forgery vulnerability (CVE-2025-22215)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25312

Advisory ID: VMSA-2025-0001
Advisory Severity: Moderate
CVSSv3 Range: 4.3
Synopsis: VMware Aria Automation update addresses a server side request forgery vulnerability (CVE-2025-22215)
Issue date: 2025-01-07
Updated on: 2025-01-07
CVE(s): CVE-2025-22215

Impacted Products:

  • VMware Aria Automation
  • VMware Cloud Foundation

Introduction:

 A server-side request forgery (SSRF) vulnerability in VMware Aria Automation was responsibly reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. 

Description:

VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.

Known Attack Vectors:

A malicious actor with “Organization Member” access to Aria Automation may exploit this vulnerability to enumerate internal services running on the host/network.

Resolution:

To remediate CVE-2025-22215 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Response Matrix:

Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Versions | Workarounds | Additional Documentation
VMware Aria Automation | 8.x | Any | CVE-2025-22215 | 4.3 | Moderate | 8.18.1 patch 1 | None | None
VMware Cloud Foundation | 5.x, 4.x | Any | CVE-2025-22215 | 4.3 | Moderate | KB 385294 | None | None

References:

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22215

FIRST CVSSv3 Calculator:

https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Note:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25312

VMSA-2023-0007.1 | Upgrading VMware Aria Operations for Logs from 8.10.2 to 8.12.0

By Lerpong Intaraworrapath | September 7th, 2023

The VMware Aria Operations for Logs (formerly VMware vRealize Log Insight) instance running on the remote system is version 8.10.2 and is therefore vulnerable to a remote code execution flaw caused by unsafe deserialization. An unauthenticated threat actor with network access to VMware Aria Operations for Logs can exploit this to execute arbitrary code as root.

https://www.vmware.com/security/advisories/VMSA-2023-0007.html

Solution

The issue has been fixed on VMware Aria Operations for Logs 8.12.

How can you update VMware Aria Operations for Logs from 8.10.2 to 8.12.0?

*In this article, we will upgrade a VMware Aria Operations for Logs cluster of three nodes.

1. Download the VMware Aria Operations for Logs 8.12.0 upgrade package.

https://customerconnect.vmware.com/downloads/details?downloadGroup=OPLOGS-8120&productId=1419&rPId=103833

  • VMware Aria Operations for Logs 8.12 – Upgrade Package
  • VMware-vRealize-Log-Insight-8.12.0-21696970.pak
  • File size: 742.68 MB

2. Take a snapshot of all three nodes of the VMware Aria Operations for Logs cluster.

3. Log in to VMware Aria Operations for Logs and navigate to “Configuration” and then “Cluster”.

4. Select “UPGRADE CLUSTER”.

5. A cluster upgrade can only be performed when connected directly to the primary node.

6. On the primary node, navigate to “Configuration” and “Cluster”, click “UPGRADE CLUSTER” and choose the upgrade file.

7. Click “UPGRADE”.

8. Click “ACCEPT”.

9. The Log Insight upgrade is now in progress. Do not refresh or leave this page.

10. The first node of the VMware Aria Operations for Logs cluster has been upgraded successfully.

11. Log in to the VMware Aria Operations for Logs primary node to verify the upgrade status.

  • Node 1 completed.
  • Node 2 completed.
  • Node 3 completed.

12. VMware Aria Operations for Logs has been updated successfully.

13. Log in to VMware Aria Operations for Logs and verify the version.

14. Check the dashboards and the configured integrations.
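Both download-and-upload procedures on this page (the Aria Operations 8.18 HF6 steps and the 8.12.0 cluster upgrade above) end with pointing the appliance UI at a .pak file fetched from the portal. Before uploading, it is worth confirming that the file targets the version the post says it does and that it has not been altered or truncated in transit. The Python below is an added example written for this page, not VMware tooling: it parses the version and build out of the .pak file names shown on this page (the name layout is inferred from those names only, an assumption) and streams the file through SHA-256 to compare against the checksum copied from the download page (that such a checksum is shown there is also an assumption). The file hashed in demo() is constructed sample data, not a real package.

```python
import hashlib
import hmac
import os
import re
import tempfile

# The .pak names on this page end in "<version>.<build>.pak" or "<version>-<build>.pak", e.g.
#   VMware-vRealize-Log-Insight-8.12.0-21696970.pak
#   vRealize_Operations_Manager_With_CP-8.14.x-to-8.18.3.24746337.pak
# Assumption: this pattern is derived from those names only, not from a documented format.
PAK_NAME_RE = re.compile(r"(\d+\.\d+\.\d+)[.-](\d+)\.pak$")


def pak_target(filename):
    """Return (version, build) encoded in a .pak file name, or None if the name does not match."""
    match = PAK_NAME_RE.search(os.path.basename(filename))
    return match.groups() if match else None


def sha256_of_file(path, chunk_size=1024 * 1024):
    """Stream the file through SHA-256 so a multi-hundred-MB .pak is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_pak(path, expected_sha256, expected_version):
    """Pre-upload check: the file targets the expected version and its SHA-256 matches the
    checksum copied from the download page. Returns (ok, reason)."""
    target = pak_target(path)
    if target is None:
        return False, "file name does not look like a VMware .pak"
    version, build = target
    if version != expected_version:
        return False, f"file targets {version} (build {build}), expected {expected_version}"
    actual = sha256_of_file(path)
    # compare_digest avoids accidental prefix matches when the expected value was pasted by hand.
    if not hmac.compare_digest(actual, expected_sha256.strip().lower()):
        return False, f"SHA-256 mismatch: got {actual[:16]}..., expected {expected_sha256[:16]}..."
    return True, f"{os.path.basename(path)} -> {version} build {build}, checksum OK"


def demo():
    """Constructed demonstration: a stand-in file, not a real .pak, checked good, tampered, wrong version."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "VMware-vRealize-Log-Insight-8.12.0-21696970.pak")
        payload = b"constructed sample bytes, not a real upgrade package\n"
        with open(path, "wb") as fh:
            fh.write(payload)
        good = hashlib.sha256(payload).hexdigest()
        tampered = "0" * 64
        return (verify_pak(path, good, "8.12.0")[0],
                verify_pak(path, tampered, "8.12.0")[0],
                verify_pak(path, good, "8.10.2")[0])


if __name__ == "__main__":
    print(demo())   # prints (True, False, False)
```

The version check is deliberately on the release (8.12.0, 8.18.3) and not on the build: the HF6 post itself shows the patch file carrying build 24746337 while the resulting appliance build is 24746341, so an equality test on the build number would reject a correct file.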

Reference

https://www.vmware.com/security/advisories/VMSA-2023-0007.html

https://docs.vmware.com/en/VMware-Aria-Operations-for-Logs/8.12/rn/vmware-aria-operations-for-logs-812-release-notes/index.html

https://blogs.vmware.com/management/2023/04/whats-new-in-aria-operations-for-logs-8-12.html

VMSA-2023-0012 | Aria Operations for Networks (Formerly vRealize Network Insight)

By Lerpong Intaraworrapath | June 15th, 2023

Critical severity

Impacted Products

Aria Operations for Networks (Formerly vRealize Network Insight)

CVE(s)

CVE-2023-20887, CVE-2023-20888, CVE-2023-20889

Synopsis

VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-20887, CVE-2023-20888, CVE-2023-20889)

Introduction

Multiple vulnerabilities in Aria Operations for Networks were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products

Response Matrix

Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation
VMware Aria Operations for Networks | 6.x | Any | CVE-2023-20887, CVE-2023-20888, CVE-2023-20889 | 9.8, 9.1, 8.8 | Critical | KB92684 | None | N/A

References

Fixed Version(s) and Release Notes:

VMware Aria Operations for Networks 6.x HF: KB92684

Change Log

2023-06-07 VMSA-2023-0012

Initial security advisory.

VMware Security Advisories

http://www.vmware.com/security/advisories

https://www.vmware.com/security/advisories/VMSA-2023-0012.html