Insights from the Field

Introduction On September 29, 2025, VMware (via Broadcom) published VMSA-2025-0015, which addresses three vulnerabilities in VMware Aria Operations and VMware Tools (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246). This is the initial publication of the advisory. It rates these issues as Important / High severity, with CVSSv3 base scores ranging from 4.9 to 7.8. Affected products include VMware Aria Operations, VMware Tools, VMware Cloud Foundation, VMware Telco Cloud Platfor

What is it? On July 15, 2025, Broadcom released VMSA-2025-0013, disclosing multiple critical vulnerabilities impacting VMware ESXi, Workstation, Fusion, and VMware Tools. These issues include three memory safety flaws that may lead to code execution on the host system, and one information disclosure issue resulting from uninitialized memory usage in vSockets. All four vulnerabilities were discovered through the Pwn2Own competition and responsibly reported to Broadcom. Patches

Introduction On May 20, 2025, Broadcom (formerly VMware) released VMSA-2025-0010, a security advisory disclosing a set of newly discovered vulnerabilities affecting a wide range of VMware products, including vCenter Server, ESXi, Workstation, and Fusion. Unlike prior advisories that often spotlight a single critical issue, this release details four distinct vulnerabilities, each posing different operational and security implications depending on the platform and deployment. A