Various attacks on VMware vCenter, NSX & Co. possible
Attackers can target several vulnerabilities in VMware vCenter and NSX, among others.
(Image: Artur Szczybylo/Shutterstock.com)
Three security vulnerabilities jeopardize PCs on which VMware Cloud Foundation, NSX, NSX-T, Telco Cloud Infrastructure, Telco Cloud Platform, or vCenter Server are installed. If attacks are successful, attackers can, among other things, view data that is actually protected.
Software vulnerabilities
In a warning message, the developers list three vulnerabilities classified as “high” (CVE-2025-41250, CVE-2025-41251, CVE-2025-41252). If an attacker is already authenticated and can create scheduled tasks, they should be able to manipulate emails sent in this context. Without authentication, unauthorized access to usernames is possible, which attackers can then use for brute force attacks.
Videos by heise
So far, there are no reports that attacks are already underway. However, admins should not wait too long and install the security updates promptly. The following versions are protected against the attacks described:
- Cloud Foundation, vSphere Foundation 9.0.1.0
- Cloud Foundation 5.2.2, 7.0 U3w
- Telco Cloud Infrastructure KB411508
- Teclo Cloud Platform KB411508
- vCenter 7.0 U3w, 8.0 U3g
Recently, “critical” vulnerabilities in VMware ESXi, among others, made headlines because admins apparently did not install the available security patches across the board.
(des)
