Initiatives pour
En tant qu'autorité nationale en matière de cybersécurité, le CCB a développé plusieurs initiatives destinées à des publics spécifiques, qui sont présentées ici.
Warning: Multiple vulnerabilities in VMware, Patch Immediately!
Image
Publié : 21/05/2025
- Last update: 21/05/2025
- Affected software:
→ VMware Fusion,
→ VMware Workstation,
→ VMware ESXi,
→ vCenter Server,
→ VMware Cloud Foundation (vCenter),
→ VMware Cloud Foundation (ESXi),
→ VMware Telco Cloud Platform (ESXi),
→ VMware Telco Cloud Platform (vCenter),
→ VMware Telco Cloud Infrastructure (vCenter)
- Type: Multiple types
- CVE/CVSS
→ CVE-2025-41229: CVSS 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
→ CVE-2025-41230: CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
→ CVE-2025-41231: CVSS 7.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
→ CVE-2025-41225: CVSS 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
→ CVE-2025-41226: CVSS 6.8 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
→ CVE-2025-41227: CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
→ CVE-2025-41228: CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
Sources
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717
Risks
The vulnerabilities could be used by attackers to gain access to services and data. They can also be used to execute arbitrary commands and cause a denial of service. Confidentiality, integrity and availability are all impacted. There is no workaround, so the only solution is to upgrade immediately.
Description
Because of a directory traversal vulnerability, a malicious actor with network access to port 443 on VMware Cloud Foundation can access certain internal services. An information disclosure vulnerability in VMware Cloud Foundation allows an attacker with network access to port to gain access to sensitive information. A missing authorisation vulnerability even allows a local attacker (having access to the VMware Cloud Foundation appliance) to perform certain unauthorised actions and access limited sensitive information.
A malicious actor with privileges to create or modify alarms and run script action may exploit an authenticated command-execution vulnerability in vCenter Server to run arbitrary commands. A malicious actor with guest operation privileges on a VM in VMware ESXi can create a denial-of-service condition. A malicious actor with non-administrative privileges within a guest operating system on VMware ESXi, Workstation or Fusion may exhaust the memory of the host process leading to a denial-of-service condition.
VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious websites.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
References
https://www.cve.org/CVERecord?id=CVE-2025-41229
https://www.cve.org/CVERecord?id=CVE-2025-41230
https://www.cve.org/CVERecord?id=CVE-2025-41231
https://www.cve.org/CVERecord?id=CVE-2025-41225
https://www.cve.org/CVERecord?id=CVE-2025-41226
https://www.cve.org/CVERecord?id=CVE-2025-41227
https://www.cve.org/CVERecord?id=CVE-2025-41228