VMware
Recent VMware Security Advisories
| Advisory | Severity | Title | Published |
|---|---|---|---|
| CVE-2025-41254 | Medium | Spring Framework STOMP CSRF Vulnerability | October 16, 2025 |
| CVE-2025-41253 | Moderate | Using Spring Expression Language To Expose Environment Variables and System Properties | October 15, 2025 |
| CVE-2025-41249 | Medium | Spring Framework Annotation Detection Vulnerability | September 15, 2025 |
| CVE-2025-41248 | Medium | Spring Security authorization bypass for method security annotations on parameterized types | September 15, 2025 |
| CVE-2025-41243 | Critical | Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux | September 8, 2025 |
| CVE-2025-41242 | Medium | Path traversal vulnerability on non-compliant Servlet containers | August 14, 2025 |
| CVE-2025-22227 | Medium | Authentication Leak On Redirect With Reactor Netty HTTP Client | July 15, 2025 |
| CVE-2025-41234 | Medium | RFD Attack via “Content-Disposition” Header Sourced from Request | June 12, 2025 |
| CVE-2025-41235 | High | Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies | May 27, 2025 |
| CVE-2025-41232 | Medium | Spring Security authorization bypass for method security annotations on private methods | May 19, 2025 |
Known Exploited VMware Vulnerabilities
The following VMware vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | CVE | Exploit Probability | Added |
|---|---|---|---|---|
| VMware ESXi and Workstation TOCTOU Race Condition Vulnerability | VMware ESXi and Workstation contain a time-of-check time-of-use (TOCTOU) race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host. | CVE-2025-22224 | 48.2% | March 4, 2025 |
| VMware ESXi Arbitrary Write Vulnerability | VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox. | CVE-2025-22225 | 4.2% | March 4, 2025 |
| VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability | VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process. | CVE-2025-22226 | 4.6% | March 4, 2025 |
| VMware vCenter Server Heap-Based Buffer Overflow Vulnerability | VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet. | CVE-2024-38812 | 75.1% | November 20, 2024 |
| VMware vCenter Server Privilege Escalation Vulnerability | VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet. | CVE-2024-38813 | 26.8% | November 20, 2024 |
| VMware ESXi Authentication Bypass Vulnerability | VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. | CVE-2024-37085 | 74.8% | July 30, 2024 |
| VMware vCenter Server Incorrect Default File Permissions Vulnerability | VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information. | CVE-2022-22948 | 26.0% | July 17, 2024 |
| VMware vCenter Server Out-of-Bounds Write Vulnerability | VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution. | CVE-2023-34048 | 92.2% | January 22, 2024 |
| VMware Tools Authentication Bypass Vulnerability | VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access over ESXi to exploit this vulnerability. | CVE-2023-20867 | 2.3% | June 23, 2023 |
| VMware Aria Operations for Networks Command Injection Vulnerability | VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution. | CVE-2023-20887 | 94.4% | June 22, 2023 |
| VMware Spring Cloud Gateway Code Injection Vulnerability | Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. | CVE-2022-22947 | 94.5% | May 16, 2022 |
| VMware Multiple Products Privilege Escalation Vulnerability | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. | CVE-2022-22960 | 70.4% | April 15, 2022 |
| VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability | VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection. | CVE-2022-22954 | 94.5% | April 14, 2022 |
| Spring Framework JDK 9+ Remote Code Execution Vulnerability | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | CVE-2022-22965 | 94.4% | April 4, 2022 |
| VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability | VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution. | CVE-2018-6961 | 92.1% | March 25, 2022 |
| VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability | VMware vCenter Server and Cloud Foundation Server contain an SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure. | CVE-2021-21973 | 90.3% | March 7, 2022 |
| VMware Server Side Request Forgery in vRealize Operations Manager API | Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform an SSRF attack to steal administrative credentials. | CVE-2021-21975 | 94.4% | January 18, 2022 |
| VMware vCenter Server Improper Access Control | Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. | CVE-2021-22017 | 75.5% | January 10, 2022 |
| VMware ESXi/Horizon DaaS Appliances Heap-Overwrite Vulnerability | OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. A malicious actor with network access to port 427 on an ESXi host or on any Horizon DaaS management appliance may be able to overwrite the heap of the OpenSLP service resulting in remote code execution. | CVE-2019-5544 | 92.7% | November 3, 2021 |
| VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector Comm | VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector have a command injection vulnerability. | CVE-2020-4006 | 9.2% | November 3, 2021 |
Of the known exploited vulnerabilities above, 9 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 7 known exploited VMware vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest VMware Vulnerabilities
These VMware vulnerabilities are on CISA's Known Exploited Vulnerabilities (KEV) list and are ranked by their current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2022-22954 | 94.5% | VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability |
| 2 | CVE-2021-22005 | 94.5% | VMware vCenter Server File Upload |
| 3 | CVE-2022-22947 | 94.5% | VMware Spring Cloud Gateway Code Injection Vulnerability |
| 4 | CVE-2022-22965 | 94.4% | Spring Framework JDK 9+ Remote Code Execution Vulnerability |
| 5 | CVE-2021-21975 | 94.4% | VMware Server Side Request Forgery in vRealize Operations Manager API |
| 6 | CVE-2021-21985 | 94.4% | VMware vCenter Server Remote Code Execution Vulnerability |
| 7 | CVE-2023-20887 | 94.4% | VMware Aria Operations for Networks Command Injection Vulnerability |
| 8 | CVE-2020-3952 | 94.4% | VMware vCenter Server Info Disclosure Vulnerability |
| 9 | CVE-2021-21972 | 93.8% | VMware vCenter Server Remote Code Execution Vulnerability |
| 10 | CVE-2019-5544 | 92.7% | VMware ESXi/Horizon DaaS Appliances Heap-Overwrite Vulnerability |
By the Year
In 2025 there have been 39 vulnerabilities in VMware with an average score of 7.2 out of ten. Last year, in 2024, VMware had 51 security vulnerabilities published. Right now, VMware is on track to have fewer security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.22.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 39 | 7.20 |
| 2024 | 51 | 6.98 |
| 2023 | 72 | 7.32 |
| 2022 | 79 | 7.21 |
| 2021 | 77 | 7.29 |
| 2020 | 61 | 7.01 |
| 2019 | 31 | 7.16 |
| 2018 | 51 | 7.38 |
It may take a day or so for new VMware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent VMware Security Vulnerabilities
| CVE | Date | Vulnerability | Description | Products |
|---|---|---|---|---|
| CVE-2025-41254 | Oct 16, 2025 | Spring Framework STOMP/WS Bypass (5.3.x-6.2.x) | STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions: Spring Framework 6.2.0 - 6.2.11; 6.1.0 - 6.1.23; 6.0.x - 6.0.29; 5.3.0 - 5.3.45; older, unsupported versions are also affected. Mitigation: users of affected versions should upgrade to the corresponding fixed version: 6.2.x fixed in 6.2.12 (OSS); 6.1.x fixed in 6.1.24 (Commercial, https://enterprise.spring.io/); 6.0.x N/A (Out of support, https://spring.io/projects/spring-framework#support); 5.3.x fixed in 5.3.46 (Commercial, https://enterprise.spring.io/). No further mitigation steps are necessary. Credit: this vulnerability was discovered and responsibly reported by Jannis Kaiser. | |
| CVE-2025-41253 | Oct 16, 2025 | Spring Cloud Gateway Webflux Exposes Env Vars via SpEL | The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: the application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable); an admin or untrusted third party is using Spring Expression Language (SpEL) to access environment variables or system properties via routes. An untrusted third party could create a route that uses SpEL to access environment variables or system properties if: the Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via `management.endpoints.web.exposure.include=gateway` and `management.endpoint.gateway.enabled=true` or `management.endpoint.gateway.access=unrestricted`; the actuator endpoints are available to attackers; the actuator endpoints are unsecured. | And others... |
| CVE-2025-41252 | Sep 29, 2025 | VMware NSX Username Enumeration (pre-9.0.1, 4.2.2.2/4.2.3.1, 4.1.2.7, NSX-T 3.2.4.3) | Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts. Impact: Username enumeration facilitates unauthorized access. Attack Vector: Remote, unauthenticated. Severity: Important. CVSSv3: 7.5 (High). Acknowledgments: Reported by the National Security Agency. Affected Products: VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x; NSX-T 3.x; VMware Cloud Foundation (with NSX) 5.x, 4.5.x. Fixed Versions: NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287). Workarounds: None. | |
| CVE-2025-41251 | Sep 29, 2025 | VMware NSX 9.x Weak Pwd Recovery Username Enum. High CVSS 8.1 | VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration credential brute force risk. Attack Vector: Remote, unauthenticated. Severity: Important. CVSSv3: 8.1 (High). Acknowledgments: Reported by the National Security Agency. Affected Products: VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x; NSX-T 3.x; VMware Cloud Foundation (with NSX) 5.x, 4.5.x. Fixed Versions: NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287). Workarounds: None. | |
| CVE-2025-41250 | Sep 29, 2025 | VMware vCenter SMTP Header Injection in Scheduled Task Emails | VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks. | And others... |
| CVE-2025-41245 | Sep 29, 2025 | VMware Aria Ops Cred Disclosure via Info Leak | VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations. | And others... |
| CVE-2025-41244 | Sep 29, 2025 | VMware Aria Ops/Tools LPE via SDMP (VMware vSphere) | VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. | And others... |
| CVE-2025-41246 | Sep 29, 2025 | VMware Tools for Windows Improper Auth Exploits VM-to-VM Access | VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX, may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX. | |
| CVE-2025-41249 | Sep 16, 2025 | Spring Framework Generic Annotation Detection Flaw in @EnableMethodSecurity | The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature. You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces. This CVE is published in conjunction with CVE-2025-41248 (https://spring.io/security/cve-2025-41248). | |
| CVE-2025-41248 | Sep 16, 2025 | Spring Security JIT Auth Bypass via @PreAuthorize on Generic Supertype | The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization bypass. Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature. You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces. This CVE is published in conjunction with CVE-2025-41249 (https://spring.io/security/cve-2025-41249). | |
| CVE-2025-41242 | Aug 18, 2025 | Spring MVC Path Traversal on Non-Compliant Servlet Containers (CVE-2025-41242) | Spring Framework MVC applications can be vulnerable to a Path Traversal Vulnerability when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container; the Servlet container does not reject suspicious sequences (https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization); the application serves static resources (https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title) with Spring resource handling. We have verified that applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration. Because we cannot check exploits against all Servlet containers and configuration variants, we strongly recommend upgrading your application. | |
| CVE-2025-41241 | Jul 29, 2025 | VMware vCenter Denial-of-Service via Guest OS Customization API | VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition. | |
| CVE-2025-41234 | Jun 12, 2025 | Spring Framework 6.x RFD via CD#filename(String, Charset) | In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a Content-Disposition header with a non-ASCII charset, where the filename attribute is derived from user-supplied input. Specifically, an application is vulnerable when all the following are true: the header is prepared with org.springframework.http.ContentDisposition; the filename is set via ContentDisposition.Builder#filename(String, Charset); the value for the filename is derived from user-supplied input; the application does not sanitize the user-supplied input; the downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details). An application is not vulnerable if any of the following is true: the application does not set a Content-Disposition response header; the header is not prepared with org.springframework.http.ContentDisposition; the filename is set via ContentDisposition.Builder#filename(String) or ContentDisposition.Builder#filename(String, ASCII); the filename is not derived from user-supplied input; the filename is derived from user-supplied input but sanitized by the application; the attacker cannot inject malicious content in the downloaded content of the response. Affected Spring Products and Versions: Spring Framework 6.2.0 - 6.2.7; 6.1.0 - 6.1.20; 6.0.5 - 6.0.28; older, unsupported versions are not affected. Mitigation: users of affected versions should upgrade to the corresponding fixed version: 6.2.x fixed in 6.2.8 (OSS); 6.1.x fixed in 6.1.21 (OSS); 6.0.x fixed in 6.0.29 (Commercial, https://enterprise.spring.io/). No further mitigation steps are necessary. CWE-113 in `Content-Disposition` handling in VMware Spring Framework versions 6.0.5 to 6.2.7 allows remote attackers to launch Reflected File Download (RFD) attacks via unsanitized user input in `ContentDisposition.Builder#filename(String, Charset)` with non-ASCII charsets. | |
| CVE-2025-22245 | Jun 04, 2025 | VMware NSX Router Port Stored XSS via Improper Input Validation | VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation. | And others... |
| CVE-2025-22244 | Jun 04, 2025 | VMware NSX Stored XSS in Gateway Firewall | VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. | And others... |
| CVE-2025-22243 | Jun 04, 2025 | VMware NSX Manager UI XSS: Improper Input Validation | VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation. | And others... |
| CVE-2025-41235 | May 30, 2025 | Spring Cloud Gateway X-Forwarded-For header injection via untrusted proxies | Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. | |
| CVE-2025-41225 | May 20, 2025 | VMware vCenter Server Authenticated Command Execution via Alarm Script | The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server. | |
| CVE-2025-41226 | May 20, 2025 | VMware ESXi Guest Operation Denial-of-Service via VMware Tools | VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi, may trigger this issue to create a denial-of-service condition of guest VMs with VMware Tools running and guest operations enabled. | |
| CVE-2025-41230 | May 20, 2025 | VMware Cloud Foundation CVE-2025-41230 Info Disclosure via Port 443 | VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information. | |
| CVE-2025-41231 | May 20, 2025 | VMware Cloud Foundation Unauth Exec & Info Leak Vulnerability | VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information. | |
| CVE-2025-22233 | May 16, 2025 | Spring Framework <=6.2.6 – Bind Bypass via disallowedFields | CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions: Spring Framework 6.2.0 - 6.2.6; 6.1.0 - 6.1.19; 6.0.0 - 6.0.27; 5.3.0 - 5.3.42; older, unsupported versions are also affected. Mitigation: users of affected versions should upgrade to the corresponding fixed version: 6.2.x fixed in 6.2.7 (OSS); 6.1.x fixed in 6.1.20 (OSS); 6.0.x fixed in 6.0.28 (Commercial, https://enterprise.spring.io/); 5.3.x fixed in 5.3.43 (Commercial, https://enterprise.spring.io/). No further mitigation steps are necessary. Generally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding since constructor arguments explicitly declare what to bind together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation. For setting binding, prefer the use of allowedFields (an explicit list) over disallowedFields. Credit: this issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation. | |
| CVE-2025-22249 | May 13, 2025 | VMware Aria Automation DOM XSS for Access Token Theft | VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a maliciously crafted payload URL. | And others... |
| CVE-2025-21460 | May 06, 2025 | VMware ESXi Guest VM Controlled Buffer Memory Corruption | Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously. | |
| CVE-2025-22235 | Apr 28, 2025 | Spring Security EndpointRequest.to() `Null/**` Matcher Bug | EndpointRequest.to() creates a matcher for `null/**` if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: you use Spring Security; EndpointRequest.to() has been used in a Spring Security chain configuration; the endpoint which EndpointRequest references is disabled or not exposed via web; your application handles requests to `/null` and this path needs protection. You are not affected if any of the following is true: you don't use Spring Security; you don't use EndpointRequest.to(); the endpoint which EndpointRequest.to() refers to is enabled and is exposed; your application does not handle requests to `/null` or this path does not need protection. | |
| CVE-2025-22231 | Apr 01, 2025 | VMware Aria Ops LPE to root on appliance | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations. | |
| CVE-2025-30219 | Mar 25, 2025 | RabbitMQ <4.0.3 XSS via unescaped VHost name in UI | RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify a virtual host name on disk and then make it unrecoverable (with other on-disk file modifications), which can lead to arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node fails to start, recent versions will display an error message (a notification) in the management UI. The error message includes the virtual host name, which was not escaped prior to open source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, 3.13.8. An attack that both makes a virtual host fail to start and creates a new virtual host name with an XSS code snippet or changes the name of an existing virtual host on disk could trigger arbitrary JavaScript code execution in the management UI (the user's browser). Open source RabbitMQ `4.0.3` and Tanzu RabbitMQ `4.0.3` and `3.13.8` patch the issue. | |
| CVE-2025-22226 | Mar 04, 2025 | VMware ESXi/Workstation/Fusion: OOB Read in HGFS Enables VM Memory Disclosure | VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process. | And others... |
| CVE-2025-22225 | Mar 04, 2025 | VMware ESXi Arbitrary Write Escape via VMX Kernel Write | VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox. | And others... |
| CVE-2025-22224 | Mar 04, 2025 | VMware ESXi TOCTOU OOB Write Allows VM Admin Code Exec as VMX | VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | And others... |
| CVE-2024-53032 | Mar 03, 2025 | VMware Workstation Memory Corruption via Keyboard Virtual Device | Memory corruption may occur in keyboard virtual device due to guest VM interaction. | |
| CVE-2024-53031 | Mar 03, 2025 | Memory Corruption in VMware ESXi Hypervisor via Guest-Controlled Buffer | Memory corruption while reading a type value from a buffer controlled by the Guest Virtual Machine. | |
| CVE-2024-38420 | Feb 03, 2025 | VMware ESXi Virtual Input Config Memory Corruption | Memory corruption while configuring a Hypervisor based input virtual device. | |
| CVE-2025-22222 | Jan 30, 2025 | VMware Aria Ops Info Disclosure via Outbound Plugin Credential Leak | VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known. | |
| CVE-2025-22221 | Jan 30, 2025 | VMware Aria Ops for Logs Stored XSS via Agent Config Delete | VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration. | |
| CVE-2025-22220 | Jan 30, 2025 | VMware Aria Ops for Logs Privilege Escalation via API | VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user. | |
| CVE-2025-22219 | Jan 30, 2025 | VMware Aria Ops for Logs XSS Allows Privilege Escalation | VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user. | |
| CVE-2025-22218 | Jan 30, 2025 | VMware Aria Ops Logs Info Disclosure in View-Only Admin | VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs. | |
| CVE-2025-22215 | Jan 08, 2025 | VMware Aria Automation SSRF Exposes Internal Network | VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability to enumerate internal services running on the host/network. | |
| CVE-2024-38819 | Dec 19, 2024 | Spring Framework Path Traversal Vulnerability in WebMvc.fn and WebFlux.fn | Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. | |
| CVE-2024-38833 | Nov 26, 2024 | CVE-2024-38833: Stored XSS via Email Templates in VMware Aria Ops | VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. | |
| CVE-2024-38832 | Nov 26, 2024 | Stored XSS in VMware Aria Ops via View Editing | VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. | |
| CVE-2024-38831 | Nov 26, 2024 | VMware Aria Ops LPE via Properties File | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations. | |
| CVE-2024-38830 | Nov 26, 2024 | VMware Aria Operations Local Privilege Escalation to Root on Appliance | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations. | |
| CVE-2024-38834 | Nov 26, 2024 | VMware Aria Ops: Stored XSS via Editing Access | VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. | |
| CVE-2024-38820 | Oct 18, 2024 | Spring Framework DataBinder Locale-based Case-Insensitive Bypass | The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected. | |
| CVE-2024-38814 | Oct 16, 2024 | Authed SQLi RCE in VMware HCX Manager | An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager. Updates are available to remediate this vulnerability in affected VMware products. | |
| CVE-2024-38812 | Sep 17, 2024 | VMware vCenter Server DCERPC Heap Overflow RCE | The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | |
| CVE-2024-38813 | Sep 17, 2024 | VMware vCenter Server Priv Escalation via Malicious Network Packet | The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | |
| CVE-2024-38811 | Sep 03, 2024 | Code Execution via Insecure Env Variable in VMware Fusion 13.x <13.6 | VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application. | |