Attackers can crash virtual machines created with VMware
Broadcom has released important security updates for VMware ESXi, vCenter Server, Workstation and Fusion.
Several security vulnerabilities endanger computers running certain VMware applications. Under the right conditions, attackers can crash VMs or even execute their own commands. Security patches are available.
Install security updates
Admins can find the list of patched versions at the end of this article. According to the security advisory, the most dangerous vulnerability (CVE-2025-41225, "high") affects vCenter Server. There, an authenticated attacker can execute their own commands.
An attacker with guest VM rights can trigger a denial-of-service (DoS) condition for a guest VM (CVE-2025-41226, "medium"). This usually leads to crashes. Further DoS attacks (CVE-2025-41227, "medium") and XSS attacks (CVE-2025-41228, "medium") are also possible.
The following versions contain the security patches:
- VMware Fusion 13.6.3
- VMware Cloud Foundation (ESXi) ESXi70U3sv-24723868, ESXi80U3se-24659227
- VMware Cloud Foundation (vCenter) 7.0 U3v, 8.0 U3e
- VMware ESXi ESXi80U3se-24659227, ESXi70U3sv-24723868
- VMware Telco Cloud Platform (ESXi) ESXi70U3sv-24723868, ESXi80U3se-24659227
- VMware Telco Cloud Infrastructure (ESXi) ESXi70U3sv-24723868, ESXi80U3se-24659227
- VMware Telco Cloud Platform (vCenter) 8.0 U3e
- VMware Telco Cloud Infrastructure (vCenter) 8.0 U3e
- VMware Telco Cloud Infrastructure (vCenter) 7.0 U3v
- vCenter Server 7.0 U3v, 8.0 U3e
- VMware Workstation 17.6.3
(des)