Insights from the Field

Introduction On May 20, 2025, Broadcom published VMSA-2025-0009, a security advisory detailing three newly discovered vulnerabilities in VMware Cloud Foundation. All three issues were reported by the NATO Cyber Security Centre (NCSC) and affect versions 4.5.x and 5.x of the platform. These vulnerabilities allow unauthorized access to files, information disclosure through exposed endpoints, and the execution of privileged operations due to missing authorization checks. There a

Introduction Broadcom has issued a moderate-severity security advisory, VMSA-2025-0007, addressing a newly disclosed vulnerability in VMware Tools identified as CVE-2025-22247. This vulnerability affects both Windows and Linux guest operating systems and introduces a risk scenario where a non-privileged user inside a virtual machine could tamper with file operations carried out by VMware Tools. Although this flaw is not exploitable for guest-to-host escape, it may allow local