VMware Telco Cloud Platform
By the Year
In 2026 there have been 3 vulnerabilities in VMware Telco Cloud Platform with an average score of 7.4 out of ten. Last year, in 2025, Telco Cloud Platform had 10 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Telco Cloud Platform in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.20.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 7.43 |
| 2025 | 10 | 7.63 |
It may take a day or so for new Telco Cloud Platform vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent VMware Telco Cloud Platform Security Vulnerabilities
Privilege Escalation in VMware Aria Ops via vCenter Access
CVE-2026-22721
6.2 - Medium
- February 25, 2026
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in VMSA-2026-0001 (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947).
Improper Privilege Management
VMware Aria Ops XS: Privileged XSS for Admin Actions
CVE-2026-22720
8 - High
- February 25, 2026
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations. To remediate CVE-2026-22720, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' of VMSA-2026-0001 (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947).
XSS
VMware Aria Ops cmd injection leads to RCE during migration
CVE-2026-22719
8.1 - High
- February 25, 2026
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' in VMSA-2026-0001 (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947). Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the 'Response Matrix' in VMSA-2026-0001.
Command Injection
VMware vCenter SMTP Header Injection in Scheduled Task Emails
CVE-2025-41250
8.5 - High
- September 29, 2025
VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.
Command Injection
VMware Aria Ops Cred Disclosure via Info Leak
CVE-2025-41245
4.9 - Medium
- September 29, 2025
VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.
Insecure Default Initialization of Resource
VMware Aria Ops/Tools LPE via SDMP (VMware vSphere)
CVE-2025-41244
7.8 - High
- September 29, 2025
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Privilege Defined With Unsafe Actions
VMware NSX Router Port Stored XSS via Improper Input Validation
CVE-2025-22245
- June 04, 2025
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
VMware NSX Stored XSS in Gateway Firewall
CVE-2025-22244
- June 04, 2025
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
VMware NSX Manager UI XSS: Improper Input Validation
CVE-2025-22243
- June 04, 2025
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
VMware Aria Automation DOM XSS for Access Token Theft
CVE-2025-22249
- May 13, 2025
VMware Aria Automation contains a DOM-based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged-in user of the VMware Aria Automation appliance by tricking the user into clicking a maliciously crafted payload URL.
VMware ESXi/Workstation/Fusion: OOB Read in HGFS Enables VM Memory Disclosure
CVE-2025-22226
7.1 - High
- March 04, 2025
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
Out-of-bounds Read
VMware ESXi Arbitrary Write Escape via VMX Kernel Write
CVE-2025-22225
8.2 - High
- March 04, 2025
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
Write-what-where Condition
VMware ESXi TOCTOU OOB Write Allows VM Admin Code Exec as VMX
CVE-2025-22224
9.3 - Critical
- March 04, 2025
VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
TOCTTOU