
Insights from the Field
Security analysis, platform hardening strategies, and lessons learned from real-world assessments.
Security Advisory


Understanding VMSA-2026-0002: Key Insights for Secure IT Platforms
Introduction to VMSA-2026-0002 VMSA-2026-0002, released on February 26, 2026, addresses critical vulnerabilities in VMware Workstation and VMware Fusion. This advisory focuses on desktop hypervisors rather than enterprise vSphere infrastructure. However, this narrower scope does not diminish its importance. Workstation and Fusion are commonly deployed on highly trusted endpoints. These systems are used by engineers, administrators, developers, and security teams. They frequen

Demetrios Mustakas Jr.
Mar 4


VMSA-2026-0001 Evaluating Risk in VMware Aria Operations
Introduction VMSA-2026-0001 addresses three vulnerabilities identified as CVE-2026-22719, CVE-2026-22720, and CVE-2026-22721. The advisory applies to VMware Aria Operations, a platform commonly integrated directly into vCenter environments for monitoring, analytics, and operational visibility. Aria Operations maintains authenticated connections to vCenter, collects configuration and performance data from ESXi hosts, and often integrates with Active Directory or other external

Demetrios Mustakas Jr.
Feb 24


VMSA-2024-0012 Revisited: Why vCenter Exposure Still Matters in 2026
Introduction VMSA-2024-0012 is not a new advisory. It was originally published in 2024 and, at the time, clearly communicated the severity of the underlying issues. Many organizations reviewed it, assessed impact, and made decisions based on their patching cycles, operational constraints, or perceived exposure. What has changed is not the technical nature of the vulnerabilities, but the context in which they now exist. In January 2026, Broadcom updated the advisory to confir

Demetrios Mustakas Jr.
Jan 26


Inside VMSA-2025-0015 – Understanding the Privilege Escalation and Cross-VM Risks in VMware Tools and Aria Operations
Introduction Broadcom’s latest security advisory, VMSA-2025-0015, underscores a persistent truth about enterprise virtualization: the most damaging risks often originate not in exotic exploits, but in everyday operational tools. Published on September 29 and updated on October 30, 2025, this advisory discloses multiple vulnerabilities across VMware Aria Operations, VMware Tools, Telco Cloud Platform, and Cloud Foundation. One of the vulnerabilities, CVE-2025-41244, is already

Demetrios Mustakas Jr.
Oct 31, 2025


From Guest to Infrastructure: Understanding the Risks in VMSA-2025-0015
Introduction On September 29, 2025, VMware (via Broadcom) published VMSA-2025-0015, which addresses three vulnerabilities in VMware Aria Operations and VMware Tools (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246). This is the initial publication of the advisory. It rates these issues as Important / High severity, with CVSSv3 base scores ranging from 4.9 to 7.8. Affected products include VMware Aria Operations, VMware Tools, VMware Cloud Foundation, VMware Telco Cloud Platfor

Demetrios Mustakas Jr.
Sep 30, 2025


From Advisory to Action: Understanding VMSA-2025-0016
Introduction On September 29, 2025, Broadcom released VMSA-2025-0016. The advisory discloses multiple vulnerabilities in vCenter and NSX, ranging from SMTP header injection to weak password recovery mechanisms that allow username enumeration. The severity is listed as Important, with CVSS scores ranging from 7.5 to 8.5. This is not a cosmetic issue. For enterprises that depend on vCenter and NSX to anchor their virtualization and network segmentation, these flaws cut dir

Demetrios Mustakas Jr.
Sep 30, 2025


Availability is Security: vCenter, VMSA-2025-0014, and the Cost of Downtime
Introduction Disruption doesn’t always announce itself with exploits and remote code execution. Sometimes, it creeps in quietly through a denial-of-service vulnerability, targeting the very control plane that makes modern virtualization work. VMware vCenter Server sits at the heart of nearly every vSphere environment, orchestrating workloads, monitoring infrastructure, and serving as the single pane of glass for managing compute at scale. On July 29, 2025, Broadcom released a

Demetrios Mustakas Jr.
Jul 29, 2025


Inside VMSA-2025-0013: Critical Vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools
What is it? On July 15, 2025, Broadcom released VMSA-2025-0013, disclosing multiple critical vulnerabilities impacting VMware ESXi, Workstation, Fusion, and VMware Tools. These issues include three memory safety flaws that may lead to code execution on the host system, and one information disclosure issue resulting from uninitialized memory usage in vSockets. All four vulnerabilities were discovered through the Pwn2Own competition and responsibly reported to Broadcom. Patches

Demetrios Mustakas Jr.
Jul 15, 2025


VMware NSX Advisory VMSA-2025-0012: Stored XSS Vulnerabilities in VMware NSX Manager and Firewall
What Is It? On June 4, 2025, Broadcom issued Security Advisory VMSA-2025-0012 disclosing three stored cross-site scripting (XSS) vulnerabilities affecting VMware NSX. These flaws exist within the NSX Manager user interface, Gateway Firewall, and Router Port components. They are tracked as CVE-2025-22243, CVE-2025-22244, and CVE-2025-22245. These vulnerabilities impact multiple NSX versions including 4.1.x, 4.2.1.x, and 4.2.x, and extend to affected deployments of VMware Cloud

Demetrios Mustakas Jr.
Jun 5, 2025


Inside VMSA-2025-0011: Understanding the Authenticated Blind SQL Injection in VMware Avi Load Balancer
Executive Summary Broadcom’s advisory VMSA-2025-0011 discloses CVE-2025-41233, a moderate-severity vulnerability in VMware Avi Load Balancer. The issue is an authenticated blind SQL injection flaw that allows logged-in users to infer data from the backend database by manipulating application behavior through crafted queries. While the injection does not expose results directly, attackers can use response variations to extract sensitive information. This article breaks down th

Demetrios Mustakas Jr.
May 22, 2025


Inside VMSA-2025-0010: What It Reveals About Trust, Privilege, and Hidden Risks in vSphere
Introduction On May 20, 2025, Broadcom (formerly VMware) released VMSA-2025-0010, a security advisory disclosing a set of newly discovered vulnerabilities affecting a wide range of VMware products, including vCenter Server, ESXi, Workstation, and Fusion. Unlike prior advisories that often spotlight a single critical issue, this release details four distinct vulnerabilities, each posing different operational and security implications depending on the platform and deployment. A

Demetrios Mustakas Jr.
May 22, 2025


Security Implications of VMSA-2025-0009 in VMware Cloud Foundation
Introduction On May 20, 2025, Broadcom published VMSA-2025-0009, a security advisory detailing three newly discovered vulnerabilities in VMware Cloud Foundation. All three issues were reported by the NATO Cyber Security Centre (NCSC) and affect versions 4.5.x and 5.x of the platform. These vulnerabilities allow unauthorized access to files, information disclosure through exposed endpoints, and the execution of privileged operations due to missing authorization checks. There a

Demetrios Mustakas Jr.
May 20, 2025


VMware Security Alert: Insecure File Handling in VMware Tools (CVE-2025-22247)
Introduction Broadcom has issued a moderate-severity security advisory, VMSA-2025-0007, addressing a newly disclosed vulnerability in VMware Tools identified as CVE-2025-22247. This vulnerability affects both Windows and Linux guest operating systems and introduces a risk scenario where a non-privileged user inside a virtual machine could tamper with file operations carried out by VMware Tools. Although this flaw is not exploitable for guest-to-host escape, it may allow local

Demetrios Mustakas Jr.
May 12, 2025


VMware Security Alert: DOM-Based Cross-Site Scripting in Aria Automation (CVE-2025-22249)
Introduction Broadcom has published VMSA-2025-0008 to address a newly disclosed DOM-based Cross-Site Scripting (XSS) vulnerability in VMware Aria Automation, previously known as vRealize Automation. The issue is tracked as CVE-2025-22249 and has been assigned a CVSSv3 base score of 8.2 (Important severity). This client-side scripting flaw could allow an attacker to steal access tokens or session identifiers from authenticated users by tricking them into visiting a specially c

Demetrios Mustakas Jr.
May 12, 2025


VMware Security Alert: Admin-to-Root Escalation in Aria Operations (CVE-2025-22231)
Introduction Broadcom has released VMSA-2025-0006, disclosing a local privilege escalation vulnerability in VMware Aria Operations. The vulnerability is tracked as CVE-2025-22231 and impacts multiple VMware platforms. Any attacker with local administrative access to the appliance can escalate privileges to root. There is no workaround. Patching is required. What Is It? CVE-2025-22231 is a local privilege escalation vulnerability affecting the following products: VMware Aria O

Demetrios Mustakas Jr.
Apr 2, 2025


VMSA-2025-0005: Why This VMware Tools for Windows Vulnerability Demands Immediate Attention
Introduction Broadcom has issued a new VMware Security Advisory, VMSA-2025-0005, disclosing a flaw in VMware Tools for Windows. This vulnerability, tracked as CVE-2025-22230, allows local attackers to bypass authentication controls and execute privileged operations from a non-admin account inside the guest OS. Important to note: This vulnerability does not appear to affect the ESXi hypervisor, vCenter Server, or any other virtual machines running in the same environment. Base

Demetrios Mustakas Jr.
Mar 26, 2025


VMware Security Alert: Hypervisor Vulnerabilities CVE-2025-22224, 22225, 22226 Explained
Introduction On March 4, 2025, Broadcom issued VMSA-2025-0004, disclosing actively exploited vulnerabilities in VMware ESXi, Workstation, and Fusion. CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 allow attackers to escape virtual machines, execute arbitrary code on the host, and exfiltrate sensitive data. These threats pose a critical risk to cloud and enterprise environments where VMware hypervisors are foundational. Organizations must act immediately to patch affected

Demetrios Mustakas Jr.
Mar 4, 2025


Urgent: Patch These VMware Vulnerabilities Now VMSA-2025-0003 Explained
Introduction Broadcom VMware has released VMSA-2025-0003, a security advisory detailing multiple vulnerabilities affecting VMware Aria Operations for Logs, Aria Operations, and VMware Cloud Foundation. These vulnerabilities range from information disclosure to privilege escalation and stored cross-site scripting (XSS), posing risks to system integrity, confidentiality, and overall security. For organizations leveraging VMware’s cloud and virtualization management platforms, u

Demetrios Mustakas Jr.
Feb 3, 2025


Protecting VMware Avi Load Balancer from Critical SQL Injection Vulnerability (VMSA-2025-0002)
Introduction Today, VMware disclosed a significant security vulnerability VMSA-2025-0002 (CVE-2025-22217) impacting its Avi Load Balancer platform. With a CVSSv3 score of 8.6 (Important), this unauthenticated blind SQL injection flaw has the potential to severely compromise critical systems, making it essential for organizations using this platform to act swiftly. Here’s what you need to know about the vulnerability, its implications, and how to protect your environment. What

Demetrios Mustakas Jr.
Jan 29, 2025


Diving Into VMSA-2025-0001: What This SSRF Vulnerability Means for VMware Environments
Recently, VMware issued VMSA-2025-0001, addressing a Server-Side Request Forgery (SSRF) vulnerability, CVE-2025-22215, in VMware Aria Automation and Cloud Foundation. For anyone managing virtualized or hybrid environments, this raises important questions about how vulnerabilities like SSRF could be leveraged to enable broader attacks. Let’s unpack what this means and why it matters. What is SSRF and Why Should You Care? SSRF (Server-Side Request Forgery) is a vulnerability th

Demetrios Mustakas Jr.
Jan 8, 2025
