Inside VMSA-2025-0010: Mitigating the Latest Threats to VMware Infrastructure.
- Milton Sarkar
- May 24
Broadcom has recently issued Security Advisory VMSA-2025-0010, addressing multiple vulnerabilities in VMware products, including ESXi, vCenter Server, Workstation, and Fusion. These vulnerabilities, identified as CVE-2025-41225 through CVE-2025-41228, vary in severity and potential impact. Administrators are strongly advised to review the details and apply the necessary updates to mitigate associated risks.
Summary of Vulnerabilities:
1. CVE-2025-41225 – Authenticated Command Execution in vCenter Server
Severity: High (CVSSv3 score: 8.8)
Description: An authenticated user with privileges to create or modify alarms and run script actions can execute arbitrary commands on the vCenter Server.
Impact: Potential full compromise of the vCenter Server.
Resolution: Apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' provided in the advisory.
2. CVE-2025-41226 – Guest Operations Denial-of-Service
Severity: Moderate (CVSSv3 score: 6.8)
Description: A malicious actor with guest operation privileges on a VM, authenticated through vCenter Server or ESXi, may trigger a denial-of-service condition on guest VMs with VMware Tools running and guest operations enabled.
Impact: Disruption of services on affected guest VMs.
Resolution: Apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' provided in the advisory.
3. CVE-2025-41227 – Denial-of-Service via Guest Memory Exhaustion
Severity: Moderate (CVSSv3 score: 5.5)
Description: A malicious actor with non-administrative privileges within a guest operating system may exploit this issue by exhausting memory of the host process, leading to a denial-of-service condition.
Impact: Potential disruption of host services due to resource exhaustion.
Resolution: Apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' provided in the advisory.
4. CVE-2025-41228 – Reflected Cross-Site Scripting (XSS) in ESXi and vCenter Server
Severity: Moderate (CVSSv3 score: 4.3)
Description: Improper input validation in certain ESXi host or vCenter Server URL paths allows a malicious actor with network access to the login page to exploit this issue, potentially stealing cookies or redirecting users to malicious websites.
Impact: Risk of credential theft or user redirection to malicious sites.
Resolution: Apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' provided in the advisory.
Affected Products
VMware ESXi
VMware vCenter Server
VMware Workstation Pro
VMware Fusion
VMware Cloud Foundation
VMware Telco Cloud Platform
VMware Telco Cloud Infrastructure
Recommended Actions:
Immediate Patching: Review the 'Response Matrix' in the official advisory to identify the fixed versions for your deployments and apply the necessary updates promptly.
Access Control: Restrict privileges for creating or modifying alarms and running script actions in vCenter Server to trusted administrators only.
Monitoring: Implement monitoring for unusual activities, especially those related to alarm configurations and script executions.
User Awareness: Educate users about the risks of clicking on unsolicited links, particularly those that may lead to the vCenter Server login page.
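To make the Access Control and Monitoring actions concrete, here is an added example (not part of the original post or of Broadcom's guidance): a small triage pass over vCenter event records that flags alarm definitions created or reconfigured by accounts outside an allow-list, and every alarm script-action execution, since that is the path CVE-2025-41225 abuses. The event type names are the vSphere API event classes (AlarmCreatedEvent, AlarmReconfiguredEvent, AlarmScriptCompleteEvent, AlarmScriptFailedEvent); the records, the allow-list and the flattened field layout are constructed assumptions standing in for what a pyVmomi EventManager query or a log export would return.

```python
"""Triage vCenter alarm events for script-action abuse (added example)."""
from collections import defaultdict

# Alarm lifecycle events: who is changing alarm definitions.
ALARM_CONFIG_EVENTS = {"AlarmCreatedEvent", "AlarmReconfiguredEvent"}
# Script-action executions: the command-execution path itself.
ALARM_SCRIPT_EVENTS = {"AlarmScriptCompleteEvent", "AlarmScriptFailedEvent"}

# Assumption: the only accounts that should manage alarms in this environment.
ALLOWED_ALARM_ADMINS = {"VSPHERE.LOCAL\\Administrator"}


def triage_alarm_events(events, allowed_admins=ALLOWED_ALARM_ADMINS):
    """Return (findings, script_runs_per_alarm).

    Each finding is (severity, event_type, user, alarm, time). Alarm
    create/reconfigure by a non-allow-listed user is 'high'; any script
    action that ran is 'medium' and should be reconciled against change
    records, because the script runs with vCenter's own privileges.
    """
    findings = []
    script_runs = defaultdict(int)
    for ev in events:
        etype, user = ev["eventType"], ev.get("userName", "")
        alarm, when = ev.get("alarm", "?"), ev["createdTime"]
        if etype in ALARM_CONFIG_EVENTS and user not in allowed_admins:
            findings.append(("high", etype, user, alarm, when))
        elif etype in ALARM_SCRIPT_EVENTS:
            script_runs[alarm] += 1
            findings.append(("medium", etype, user, alarm, when))
    return findings, dict(script_runs)


# Constructed sample events (not real vCenter output); flattened for clarity.
SAMPLE_EVENTS = [
    {"eventType": "AlarmReconfiguredEvent", "userName": "VSPHERE.LOCAL\\Administrator",
     "alarm": "Host connection state", "createdTime": "2025-05-22T09:01:00Z"},
    {"eventType": "AlarmCreatedEvent", "userName": "VSPHERE.LOCAL\\svc-backup",
     "alarm": "vm-power-watch", "createdTime": "2025-05-22T09:05:13Z"},
    {"eventType": "AlarmScriptCompleteEvent", "userName": "",
     "alarm": "vm-power-watch", "createdTime": "2025-05-22T09:06:40Z"},
    {"eventType": "UserLoginSessionEvent", "userName": "VSPHERE.LOCAL\\svc-backup",
     "createdTime": "2025-05-22T09:00:02Z"},
]

if __name__ == "__main__":
    for finding in triage_alarm_events(SAMPLE_EVENTS)[0]:
        print(" | ".join(map(str, finding)))
```

In a live deployment the same logic applies to events pulled through pyVmomi's EventManager or forwarded to a SIEM; the allow-list should mirror the roles that actually hold the Alarm privileges after they have been restricted as recommended above.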
This discussion is centered exclusively on VMware Cloud Foundation 5.2.x and the vSphere Environment 8.x, emphasizing the need to quickly patch both vCenter and ESXi Hosts.
VMware Cloud Foundation 5.x Environment:

Interoperability Result:

vSphere Environment:
For the vSphere environment 8.x.x, the fixed versions for both vCenter and ESXi are the same as listed above. These can be applied using the traditional vSphere VAMI, Lifecycle Manager, or CLI methods.