Critical Zero-day Vulnerabilities in VMware ESXi, Workstation, and Fusion


Broadcom has addressed three exploited vulnerabilities that, when chained, can allow an attacker to access the hypervisor through a running virtual machine.

VMware’s official advisory does not include all affected product versions. VMware’s official advisory VMSA-2025-0004 includes a Response Matrix detailing the fixed releases for each product. VMware have also released an FAQ detailing the following:

  • You are affected if you are running any version of VMware ESX, VMware vSphere, VMware Cloud Foundation, or VMware Telco Cloud Platform prior to the versions listed as “fixed” in the VMSA.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • Cisco Warns of Critical Vulnerability Revealed in ‘Vault 7’ Data Dump

    March 20, 2017

    Cisco Systems warned customers on Friday of a critical vulnerability that could allow an attacker to execute arbitrary code and obtain full control on more than 300 different models of its switches and routers. Cisco said it became aware of the vulnerability after WikiLeaks released its Vault 7 cache of documents that revealed the existence ...