VMware Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in VMware Server.
Recent VMware Server Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2025-09-08 | CVE-2025-41243 - Critical - CVE-2025-41243: Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux | September 8, 2025 |
| 2025-05-27 | CVE-2025-41235 - High - CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies | May 27, 2025 |
| 2025-04-07 | CVE-2025-22232 - Medium - CVE-2025-22232: Spring Cloud Config Server May Not Use Vault Token Sent By Clients | April 7, 2025 |
| 2024-03-19 | CVE-2024-22258 - Medium - CVE-2024-22258: PKCE Downgrade in Spring Authorization Server | March 19, 2024 |
| 2024-01-22 | cve-2024-22233 - High - CVE-2024-22233: Spring Framework server Web DoS Vulnerability | January 22, 2024 |
| 2023-11-27 | cve-2023-34054 - Medium - CVE-2023-34054: Reactor Netty HTTP Server Metrics DoS Vulnerability | November 27, 2023 |
| 2023-11-27 | cve-2023-34055 - Medium - CVE-2023-34055: Spring Boot server Web Observations DoS Vulnerability | November 27, 2023 |
By the Year
In 2026 there have been 0 vulnerabilities in VMware Server. Last year, in 2025 Server had 1 security vulnerability published. Right now, Server is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 7.50 |
It may take a day or so for new Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent VMware Server Security Vulnerabilities
Spring Cloud Gateway Webflux Exposes Env Vars via SpEL
CVE-2025-41253
7.5 - High
- October 16, 2025
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: * The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable). * An admin or untrusted third party using Spring Expression Language (SpEL) to access environment variables or system properties via routes. * An untrusted third party could create a route that uses SpEL to access environment variables or system properties if: * The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway and management.endpoint.gateway.enabled=trueor management.endpoint.gateway.access=unrestricte. * The actuator endpoints are available to attackers. * The actuator endpoints are unsecured.
EL Injection
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x
CVE-2009-4811
- April 27, 2010
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information.
Use of Externally-Controlled Format String
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5
CVE-2009-3733
- November 02, 2009
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
Directory traversal
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x
CVE-2009-3707
- October 16, 2009
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.
Use of Externally-Controlled Format String
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem
CVE-2009-1072
- March 25, 2009
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
Configuration
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which
CVE-2009-0778
- March 12, 2009
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for VMware Server or by VMware? Click the Watch button to subscribe.
