Broadcom has released critical security updates addressing multiple high-severity vulnerabilities in VMware Aria Operations, NSX, vCenter, and VMware Tools. These flaws, if left unpatched, could allow attackers to escalate privileges, manipulate system notifications, and enumerate usernames across enterprise environments.
One of the most severe bugs, tracked as CVE-2025-41244, affects both Aria Operations and VMware Tools. Broadcom explained that a malicious local user with limited privileges could exploit this flaw to gain root access on a virtual machine running VMware Tools managed by Aria Operations with SDMP enabled. This type of escalation could give attackers full control of the affected VM.
Another high-risk issue, CVE-2025-41246, was discovered in VMware Tools for Windows. It could allow attackers to gain access to other guest VMs, posing a serious risk in shared environments. A separate medium-severity bug, CVE-2025-41245, impacts Aria Operations and may expose user credentials.
VMware also resolved a high-severity SMTP header injection vulnerability (CVE-2025-41250) in vCenter. The flaw could let authenticated users with non-admin rights manipulate notification emails tied to scheduled tasks, potentially leading to deceptive or unauthorized communications.
On the NSX side, two serious flaws have been patched:
- CVE-2025-41251: a weak password recovery mechanism that makes brute-force attacks easier.
- CVE-2025-41252: a username enumeration defect that could be leveraged to attempt unauthorized access.
According to Broadcom, fixes are now available in the following product versions:
- Aria Operations 8.18.5
- Cloud Foundation and vSphere Foundation 9.0.1.0 and 13.0.5.0
- VMware Tools 13.0.5 and 12.5.4
- Telco Cloud Infrastructure 8.18.5
- vCenter 8.0 U3g and 7.0 U3w
- NSX 4.2.2.2, 4.2.3.1, and 4.1.2.7
- NSX-T 3.2.4.3
Broadcom noted that there is no evidence of active exploitation in the wild. Still, administrators are strongly urged to apply the patches immediately to reduce the risk of compromise. VMware has also published detailed patching instructions for Cloud Foundation and Telco Cloud Infrastructure customers.
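To turn the fixed-release list above into a patch triage, the following added example (not Broadcom's or VMware's tooling) compares installed versions against the releases named in this article. The branch-matching rule, the `triage` and `report` helpers, and the sample inventory are assumptions made for illustration; Broadcom's advisory remains the authority on which branches are affected.

```python
import re

# Fixed releases exactly as listed in the article (bundle products omitted).
FIXED = {
    "Aria Operations": ["8.18.5"],
    "VMware Tools": ["13.0.5", "12.5.4"],
    "vCenter": ["8.0 U3g", "7.0 U3w"],
    "NSX": ["4.2.2.2", "4.2.3.1", "4.1.2.7"],
    "NSX-T": ["3.2.4.3"],
}
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:\s*U(\d+)([a-z]?))?$", re.IGNORECASE)

def parse(version):
    """'4.2.3.1' -> (4, 2, 3, 1); '8.0 U3g' -> (8, 0, 3, 7), update letter a=1."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    if m.group(2):
        letter = m.group(3).lower()
        parts += [int(m.group(2)), ord(letter) - ord("a") + 1 if letter else 0]
    return tuple(parts)

def shared_prefix(a, b):
    """Count the leading version components that a and b have in common."""
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return n

def triage(product, installed):
    """Return (status, fixed_release); status is 'patched', 'update' or 'review'."""
    # Build-number input for a product listed in 'U' notation (or the reverse)
    # cannot be compared safely, so it is handed to a human.
    if any(("u" in f.lower()) != ("u" in installed.lower()) for f in FIXED[product]):
        return "review", None
    have = parse(installed)
    fixes = [(parse(f), f) for f in FIXED[product]]
    depth = max(shared_prefix(have, f) for f, _ in fixes)
    if depth == 0:  # different major version: the article lists no fix for it
        return "review", None
    # Assumption: the relevant fix is the highest listed release on the closest
    # branch, i.e. among those sharing the longest version prefix.
    target, label = max((f, s) for f, s in fixes if shared_prefix(have, f) == depth)
    return ("patched" if have >= target else "update"), label

# Constructed sample inventory (hypothetical host names and versions).
INVENTORY = [("vm-app01", "VMware Tools", "12.4.0"), ("nsx-mgr1", "NSX", "4.2.3.0"),
             ("vc-prod", "vCenter", "8.0 U3e"), ("vm-old07", "VMware Tools", "11.3.5")]
def report(inventory=INVENTORY):
    return [(host, product, ver, *triage(product, ver)) for host, product, ver in inventory]
```

A `review` result means the article gives no basis for a decision (unlisted major version or a version string in a different notation), not that the system is unaffected.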
These updates highlight once again how attackers continue to target virtualization platforms as a way to infiltrate enterprise networks. Organizations relying on VMware solutions should prioritize patching to stay ahead of potential threats.