Insights from the Field

Introduction On September 29, 2025, Broadcom, released VMSA-2025-0016 . The advisory discloses multiple vulnerabilities in vCenter and NSX, ranging from SMTP header injection to weak password recovery mechanisms that allow username enumeration. The severity is listed as Important , with CVSS scores ranging from 7.5 to 8.5. This is not a cosmetic issue. For enterprises that depend on vCenter and NSX to anchor their virtualization and network segmentation, these flaws cut dir

Introduction Disruption doesn’t always announce itself with exploits and remote code execution. Sometimes, it creeps in quietly through a denial-of-service vulnerability, targeting the very control plane that makes modern virtualization work. VMware vCenter Server sits at the heart of nearly every vSphere environment, orchestrating workloads, monitoring infrastructure, and serving as the single pane of glass for managing compute at scale. On July 29, 2025, Broadcom released a

What is it? On July 15, 2025, Broadcom released VMSA-2025-0013, disclosing multiple critical vulnerabilities impacting VMware ESXi, Workstation, Fusion, and VMware Tools. These issues include three memory safety flaws that may lead to code execution on the host system, and one information disclosure issue resulting from uninitialized memory usage in vSockets. All four vulnerabilities were discovered through the Pwn2Own competition and responsibly reported to Broadcom. Patches

Executive Summary Broadcom’s advisory VMSA-2025-0011 discloses CVE-2025-41233, a moderate-severity vulnerability in VMware Avi Load Balancer. The issue is an authenticated blind SQL injection flaw that allows logged-in users to infer data from the backend database by manipulating application behavior through crafted queries. While the injection does not expose results directly, attackers can use response variations to extract sensitive information. This article breaks down th