- 112/2025
- High
VMware has released security updates to fix several vulnerabilities affecting multiple VMware products.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, cause a cross-site scripting attack, execute arbitrary commands/codes, and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. VMware vCenter Server Authenticated Command Execution Vulnerability (CVE-2025-41225):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. VMware ESXi Guest Operations Denial-of-Service Vulnerability (CVE-2025- 41226):
- CVSS: 6.8
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Denial of Service
The affected products:
- VMware ESXi.
- VMware vCenter Server.
- VMware Workstation Pro.
- VMware Fusion.
- VMware Cloud Foundation.
- VMware Telco Cloud Platform.
- VMware Telco Cloud Infrastructure.
Vulnerabilities
- CVE-2025-41225
- CVE-2025-41226
- CVE-2025-41227
- CVE-2025-41228
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.