VMware vCenter Server Command Execution Vulnerability (CVE-2025-41225) - #CVE-2025-41226
Broadcom has recently addressed four critical vulnerabilities in various VMware products, including ESXi, vCenter Server, Workstation Pro, and Fusion. The most severe, CVE-2025-41225, has a CVSS score of 8.8 and allows privileged attackers to execute arbitrary commands on vCenter Server. The other vulnerabilities can lead to denial-of-service conditions, host memory exhaustion, and reflected cross-site scripting. Affected products span multiple versions of VMware's software ecosystem, including VMware Cloud Foundation and Telco Cloud Platform. Broadcom has released patches for all impacted versions, with detailed update instructions available through its documentation portal. Given the critical nature of these vulnerabilities, users are strongly advised to apply the updates promptly to mitigate potential exploitation risks and secure their systems.