VMware Telco Cloud Platform

VMware vCenter SMTP Header Injection in Scheduled Task Emails
CVE-2025-41250 8.5 - High - September 29, 2025

VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.

Command Injection

VMware Aria Ops Cred Disclosure via Info Leak
CVE-2025-41245 4.9 - Medium - September 29, 2025

VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.

Insecure Default Initialization of Resource

VMware Aria Ops/Tools LPE via SDMP (VMware vSphere)
CVE-2025-41244 7.8 - High - September 29, 2025

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Privilege Defined With Unsafe Actions

VMware NSX Router Port Stored XSS via Improper Input Validation
CVE-2025-22245 - June 04, 2025

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.

VMware NSX Stored XSS in Gateway Firewall
CVE-2025-22244 - June 04, 2025

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.

VMware NSX Manager UI XSS: Improper Input Validation
CVE-2025-22243 - June 04, 2025

VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.

VMware Aria Automation DOM XSS for Access Token Theft
CVE-2025-22249 - May 13, 2025

VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.

VMware ESXi/Workstation/Fusion: OOB Read in HGFS Enables VM Memory Disclosure
CVE-2025-22226 7.1 - High - March 04, 2025

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Out-of-bounds Read

VMware ESXi Arbitrary Write Escape via VMX Kernel Write
CVE-2025-22225 8.2 - High - March 04, 2025

VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

Write-what-where Condition

VMware ESXi TOCTOU OOB Write Allows VM Admin Code Exec as VMX
CVE-2025-22224 9.3 - Critical - March 04, 2025

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

TOCTTOU