
Critical vulnerabilities in VMware vCenter Server

Our experts keep you up-to-date on critical cyber threats (CVEs)

VMware released a critical security update on 16 May 2025 (VMSA-2025-0010). This advisory contains three vulnerabilities that primarily impact vCenter Server and VMware Cloud Foundation.


VMware (part of Broadcom) released a critical security update on 16 May 2025 (VMSA-2025-0010). This advisory contains three vulnerabilities that mainly affect vCenter Server and VMware Cloud Foundation.

The most serious vulnerability (CVE-2024-37079 & CVE-2024-37080) allows a remote, unauthenticated attacker to execute arbitrary code by sending specially crafted network requests (CVSSv3 score: 9.8/10).

Take action

Broadcom has released patches to fix these vulnerabilities. It is essential to apply these updates immediately to ensure the security of your systems.

All environments running vCenter Server 7.0 and/or 8.0 and/or VMware Cloud Foundation are at risk. It is therefore essential to apply the necessary updates as soon as possible.

More info: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717

What does VanRoey do?

Our security baseline significantly reduces the impact of these types of vulnerabilities by working with strict access control, network segmentation and the Zero Trust principle. Nevertheless, it is still advisable to implement available updates as soon as possible.

Customers who use our Managed Services can rest assured: we are taking (or have already taken) the necessary steps to secure your environment.

Don't have a Managed contract and want to call on our expertise? Then do not hesitate to contact us via support@vanroey.be!
