Topic: vmware vulnerabilities
-
CISA Warns: Ransomware Attackers Exploit VMware ESXi Flaw
A critical VMware ESXi vulnerability (CVE-2025-22225) is now actively exploited by ransomware groups, prompting urgent patching calls from CISA. The flaw is part of a trio of zero-days; new analysis reveals a toolkit weaponizing all three, potentially developed by Chinese-speaking actors as early...
Read More » -
CISA Warns: VMware ESXi Flaw Actively Exploited by Ransomware
CISA warns that a critical, patched VMware ESXi vulnerability (CVE-2025-22225) is now being actively exploited by ransomware groups to escape virtual machine sandboxes. The flaw, part of a trio of zero-days, impacts a wide range of VMware products and has reportedly been used by threat actors sin...
Read More » -
CISA Concludes 10 Emergency Directives Following Federal Cyber Audits
CISA has closed ten Emergency Directives from 2019-2024 after confirming their security goals were met, signaling a strategic shift from reactive emergency measures to standardized, ongoing risk management. The retired directives' requirements are now integrated into Binding Operational Directive...
Read More » -
NSA-Reported VMware Flaws Patched by Broadcom
Broadcom has released critical patches for two VMware NSX vulnerabilities (CVE-2025-41251 and CVE-2025-41252) that allow unauthenticated attackers to enumerate valid usernames, posing risks of unauthorized access. Additional high-severity flaws were addressed in VMware vCenter (CVE-2025-41250) an...
Read More » -
Broadcom Patches Critical VMware Security Flaws
Broadcom has released critical security updates for VMware NSX and vCenter to address multiple high-severity vulnerabilities that could enable cyberattacks on enterprise systems. Among the vulnerabilities, CVE-2025-41250 is an SMTP header injection flaw in vCenter, while CVE-2025-41251 and CVE-20...
Read More »