VMSA-2025-0010 : VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)


New VMware Security Alert: Patch These 4 Critical Vulnerabilities (May 2025)

Published: May 20, 2025
Severity: High (CVSS: 4.3 - 8.8)
Advisory ID: VMSA-2025-0010
Products Affected: ESXi, vCenter Server, Workstation, Fusion, Cloud Foundation & Telco Platforms

VMware has released a critical security update to address four new vulnerabilities affecting multiple products, including vCenter Server, ESXi, Workstation, and Fusion.

These vulnerabilities could allow attackers to:

  • Run commands on vCenter (RCE)
  • Crash guest VMs (DoS)
  • Exhaust host memory
  • Perform XSS attacks via web interfaces

Vulnerabilities Explained

1. CVE-2025-41225: Remote Command Execution in vCenter

Severity: 8.8 (Important)
Impact: If an attacker can create/modify alarms and scripts in vCenter, they can run commands directly on the server.
Fix: Patch to vCenter 8.0 U3e or 7.0 U3v.

2. CVE-2025-41226: Denial of Service via Guest Ops

Severity: 6.8 (Moderate)
Impact: A VM user with guest operation rights could crash guest VMs by abusing VMware Tools.
Fix: Update ESXi to 8.0U3se or 7.0U3sv.

3. CVE-2025-41227: Host Memory Exhaustion

Severity: 5.5 (Moderate)
Impact: Even non-admin users inside VMs can potentially exhaust host memory, leading to DoS on Workstation, Fusion, and ESXi.
Fix:

• ESXi: Update to 8.0U3se or 7.0U3sv
• Workstation: Update to 17.6.3
• Fusion: Update to 13.6.3

4. CVE-2025-41228: XSS in vCenter/ESXi Login

Severity: 4.3 (Moderate)
Impact: Attackers could use malicious URLs to steal cookies or redirect admins to fake sites.
Fix: Included in vCenter 8.0 U3e, ESXi 8.0U3se/7.0U3sv

Affected Products:

If you’re running any of the following, you need to act:

• vCenter Server (7.0, 8.0)
• ESXi (7.0, 8.0)
• VMware Workstation (17.x)
• VMware Fusion (13.x)
• Cloud Foundation 4.x / 5.x
• Telco Cloud Infrastructure & Platform (multiple versions)

How to Fix This:

Recommended Actions:

1. Check your current versions (vCenter, ESXi, Workstation, Fusion).
2. Match them against the fixed versions listed in the VMware Security Advisory (VMSA-2025-0010).
3. Apply updates or async patches as recommended.

For Cloud Foundation or Telco Platforms, follow VMware’s KB88287 Async Patch Guide for platform-specific instructions.
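As an added example (not part of the advisory and not VMware's own tooling), the PowerCLI audit below covers step 1 by listing vCenter and ESXi versions for comparison with the fixed versions above, and also lists the alarm script actions and Alarm.Create/Alarm.Edit permissions that CVE-2025-41225 depends on, so you can review them while patching. It assumes the VMware.PowerCLI module is installed and that the hypothetical `$VCenter` parameter is your vCenter name.

```powershell
# Added example for VMSA-2025-0010 (not from the advisory or VMware).
# Assumes VMware.PowerCLI is installed and the account can read alarms, roles and permissions.
param(
    [Parameter(Mandatory)] [string] $VCenter   # hypothetical parameter: vCenter FQDN or IP
)

Import-Module VMware.PowerCLI -ErrorAction Stop
$vc = Connect-VIServer -Server $VCenter -ErrorAction Stop

# 1. Version inventory: compare against the advisory's fixed versions
#    (vCenter 8.0 U3e / 7.0 U3v, ESXi 8.0U3se / 7.0U3sv).
Write-Host "vCenter $($vc.Name): version $($vc.Version) build $($vc.Build)"
Get-VMHost | Sort-Object Name |
    Select-Object Name, Version, Build, ConnectionState |
    Format-Table -AutoSize

# 2. CVE-2025-41225 exposure: alarms that execute scripts on vCenter ...
$scriptActions = Get-AlarmDefinition | ForEach-Object {
    $def = $_
    Get-AlarmAction -AlarmDefinition $def |
        Where-Object { $_.ActionType -eq 'ExecuteScript' } |
        Select-Object @{n='Alarm';e={$def.Name}}, @{n='Entity';e={$def.Entity.Name}}, ScriptPath
}
if ($scriptActions) {
    Write-Host "Alarm definitions with ExecuteScript actions (review each one):"
    $scriptActions | Format-Table -AutoSize
} else {
    Write-Host "No alarm definitions with ExecuteScript actions."
}

# ... and which principals hold roles allowed to create or edit alarms.
$alarmRoles = Get-VIRole | Where-Object {
    $_.PrivilegeList -contains 'Alarm.Create' -or $_.PrivilegeList -contains 'Alarm.Edit'
}
Write-Host "Principals holding roles with Alarm.Create or Alarm.Edit:"
Get-VIPermission | Where-Object { $_.Role -in $alarmRoles.Name } |
    Select-Object Principal, Role, @{n='Entity';e={$_.Entity.Name}}, Propagate |
    Sort-Object Principal | Format-Table -AutoSize

Disconnect-VIServer -Server $vc -Confirm:$false
```

Run it before and after patching; any principal in the last table that does not need alarm management is a candidate for a narrower role, independent of the fix.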

Final Note: Don't Delay These Patches!

While no workarounds exist, the good news is that updates are already available. Delaying patching could expose your environment to RCE, DoS, or session hijacking.

Stay Secure, Stay Informed!!
