
=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN329

_____________________________________________________________________

DATE                : 20/05/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware Cloud Foundation
                      VMware Fusion
                      VMware Telco Cloud Infrastructure
                      VMware Telco Cloud Platform
                      VMware vCenter Server
                      VMware vSphere ESXi
                      VMware Workstation.

=====================================================================
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717
_____________________________________________________________________

VMSA-2025-0010 : VMware ESXi, vCenter Server, Workstation, and Fusion
updates address multiple vulnerabilities (CVE-2025-41225,
CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)

Product/Component
VMware Cloud Foundation
VMware Fusion
VMware Telco Cloud Infrastructure
VMware Telco Cloud Platform
VMware vCenter Server
VMware vSphere ESXi
VMware Workstation 

Notification Id
25717

Last Updated
20 May 2025

Initial Publication Date
20 May 2025

Status
OPEN

Severity
HIGH

CVSS Base Score
4.3-8.8


WorkAround
None


Affected CVE

CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228
Advisory ID:       VMSA-2025-0010
Advisory Severity: Important
CVSSv3 Range:      4.3-8.8
Synopsis:          VMware ESXi, vCenter Server, Workstation, and Fusion
                   updates address multiple vulnerabilities (CVE-2025-41225,
                   CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)
Issue date:        2025-05-20
Updated on:        2025-05-20 (Initial Advisory)
CVE(s):            CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228

 
1. Impacted Products

    VMware ESXi
    VMware vCenter Server
    VMware Workstation Pro 
    VMware Fusion
    VMware Cloud Foundation
    VMware Telco Cloud Platform
    VMware Telco Cloud Infrastructure

2. Introduction

Multiple vulnerabilities in ESXi, vCenter Server, and Workstation were
privately reported to VMware. Updates are available to remediate these
vulnerabilities in affected VMware products.

3a. VMware vCenter Server authenticated command-execution vulnerability
(CVE-2025-41225) 

Description:
The vCenter Server contains an authenticated command-execution
vulnerability. VMware has evaluated the severity of this issue to be
in the Important severity range with a maximum CVSSv3 base score of
8.8.

Known Attack Vectors:
A malicious actor with privileges to create or modify alarms and run
script actions may exploit this issue to run arbitrary commands on
the vCenter Server.

Resolution:
To remediate CVE-2025-41225 apply the updates listed in the 'Fixed
Version' column of the 'Response Matrix' below to affected
deployments.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgments:
VMware would like to thank Oliver Bachtik and Bert De Bruijn for
reporting this issue to us.

Notes:
None.


3b. Guest Operations Denial-of-Service Vulnerability (CVE-2025-41226) 

Description:
VMware ESXi contains a denial-of-service vulnerability that occurs
when performing a guest operation. VMware has evaluated the severity
of this issue to be in the Moderate severity range with a maximum
CVSSv3 base score of 6.8.

Known Attack Vectors:
A malicious actor with guest operation privileges on a VM, who is
already authenticated through vCenter Server or ESXi, may trigger
this issue to create a denial-of-service condition on guest VMs
with VMware Tools running and guest operations enabled.

Resolution:
To remediate CVE-2025-41226 apply the updates listed in the
'Fixed Version' column of the 'Response Matrix' below to
affected deployments.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgments:
VMware would like to thank security researcher Tom Jøran
Sønstebyseter Rønning (@L1v1ng0ffTh3L4N) of Statnett (Norway)
and Uros Orozel for independently reporting this issue to us.

Notes:
None.

3c. Denial-of-Service Vulnerability (CVE-2025-41227) 

Description:
VMware ESXi, Workstation, and Fusion contain a denial-of-service
vulnerability due to certain guest options. VMware has evaluated
the severity of this issue to be in the Moderate severity range
with a maximum CVSSv3 base score of 5.5.

Known Attack Vectors:
A malicious actor with non-administrative privileges within a
guest operating system may be able to exploit this issue by
exhausting memory of the host process leading to a
denial-of-service condition.

Resolution:
To remediate CVE-2025-41227 apply the updates listed in the
'Fixed Version' column of the 'Response Matrix' below to
affected deployments.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgments:
VMware would like to thank the National Security Agency for
reporting this issue to us.

Notes:
None.

3d. VMware ESXi and vCenter Server Reflected Cross Site
Scripting (XSS) Vulnerability (CVE-2025-41228) 

Description:
VMware ESXi and vCenter Server contain a reflected cross-site
scripting vulnerability due to improper input validation.
VMware has evaluated the severity of this issue to be in
the Moderate severity range with a maximum CVSSv3 base
score of 4.3.

Known Attack Vectors:
A malicious actor with network access to the login page of
certain ESXi host or vCenter Server URL paths may exploit
this issue to steal cookies or redirect to malicious websites.

Resolution:
To remediate CVE-2025-41228 apply the updates listed in the
'Fixed Version' column of the 'Response Matrix' below to
affected deployments.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgments:
VMware would like to thank Huang for reporting this issue
to us.

Notes:
None.

Response Matrix:

VMware Product                              | Version            | Running On | CVE                                            | CVSSv3        | Severity  | Fixed Version                      | Workarounds | Additional Documentation
vCenter Server                              | 8.0                | Any        | CVE-2025-41225, CVE-2025-41228                 | 8.8, 4.3      | Important | 8.0 U3e                            | None        | None
vCenter Server                              | 7.0                | Any        | CVE-2025-41225                                 | 8.8           | Important | 7.0 U3v                            | None        | None
VMware ESXi                                 | 8.0                | Any        | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate  | ESXi80U3se-24659227                | None        | None
VMware ESXi                                 | 7.0                | Any        | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate  | ESXi70U3sv-24723868                | None        | None
VMware Cloud Foundation (vCenter)           | 5.x                | Any        | CVE-2025-41225, CVE-2025-41228                 | 8.8, 4.3      | Important | Async patch to 8.0 U3e             | None        | Async Patching Guide: KB88287
VMware Cloud Foundation (vCenter)           | 4.5.x              | Any        | CVE-2025-41225                                 | 8.8           | Important | Async patch to 7.0 U3v             | None        | Async Patching Guide: KB88287
VMware Cloud Foundation (ESXi)              | 5.x                | Any        | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate  | Async patch to ESXi80U3se-24659227 | None        | Async Patching Guide: KB88287
VMware Cloud Foundation (ESXi)              | 4.5.x              | Any        | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate  | Async patch to ESXi70U3sv-24723868 | None        | Async Patching Guide: KB88287
VMware Telco Cloud Platform (ESXi)          | 5.x, 4.x, 3.x, 2.x | Any        | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate  | ESXi80U3se-24659227                | None        | None
VMware Telco Cloud Infrastructure (ESXi)    | 3.x                | Any        | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate  | ESXi80U3se-24659227                | None        | None
VMware Telco Cloud Infrastructure (ESXi)    | 2.x                | Any        | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate  | ESXi70U3sv-24723868                | None        | None
VMware Telco Cloud Platform (vCenter)       | 5.x, 4.x, 3.x, 2.x | Any        | CVE-2025-41225, CVE-2025-41228                 | 8.8, 4.3      | Important | 8.0 U3e                            | None        | None
VMware Telco Cloud Infrastructure (vCenter) | 3.x                | Any        | CVE-2025-41225                                 | 8.8           | Important | 8.0 U3e                            | None        | None
VMware Telco Cloud Infrastructure (vCenter) | 2.x                | Any        | CVE-2025-41225                                 | 8.8           | Important | 7.0 U3v                            | None        | None
VMware Workstation                          | 17.x               | Any        | CVE-2025-41227                                 | 5.5           | Moderate  | 17.6.3                             | None        | None
VMware Fusion                               | 13.x               | MacOS      | CVE-2025-41227                                 | 5.5           | Moderate  | 13.6.3                             | None        | None
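The following script is an added example, not VMware's code and not part of the advisory: it turns the Response Matrix above into a patch-level check that an administrator can run over an inventory list. The fixed versions and build numbers are copied from the matrix; the inventory line format and the sample lines are constructed for the example. It assumes that, within one release train, a higher ESXi build number, a later vCenter update letter, or a higher Workstation/Fusion version carries the fix. The Cloud Foundation and Telco Cloud rows (async patches) are not modelled.

```python
"""Patch-level check against the VMSA-2025-0010 Response Matrix.

Added example (not VMware code, not part of the advisory). Fixed versions
and builds are copied from the Response Matrix; inventory lines are
constructed samples. Assumption: within one release train a higher ESXi
build number, a later vCenter update letter, or a higher Workstation or
Fusion version includes the fix. Cloud Foundation / Telco rows omitted.
"""
import re

# (product, release train) -> fixed version from the Response Matrix
FIXED = {
    ("ESXi", "8.0"): {"build": 24659227, "fixed": "ESXi80U3se-24659227",
                      "cves": ("CVE-2025-41226", "CVE-2025-41227", "CVE-2025-41228")},
    ("ESXi", "7.0"): {"build": 24723868, "fixed": "ESXi70U3sv-24723868",
                      "cves": ("CVE-2025-41226", "CVE-2025-41227", "CVE-2025-41228")},
    ("vCenter", "8.0"): {"update": (3, "e"), "fixed": "8.0 U3e",
                         "cves": ("CVE-2025-41225", "CVE-2025-41228")},
    ("vCenter", "7.0"): {"update": (3, "v"), "fixed": "7.0 U3v",
                         "cves": ("CVE-2025-41225",)},
    ("Workstation", "17"): {"version": (17, 6, 3), "fixed": "17.6.3",
                            "cves": ("CVE-2025-41227",)},
    ("Fusion", "13"): {"version": (13, 6, 3), "fixed": "13.6.3",
                       "cves": ("CVE-2025-41227",)},
}

# Constructed inventory line format (hypothetical, not a VMware tool's output):
#   "ESXi 8.0.3 build-24100000", "vCenter 8.0 U3d", "Workstation 17.6.2"
LINE_RE = re.compile(
    r"^(?P<product>ESXi|vCenter|Workstation|Fusion)\s+(?P<version>\d+(?:\.\d+)*)"
    r"(?:\s+build-(?P<build>\d+))?(?:\s+(?P<update>U\d+[a-z]?))?$"
)


def vc_update_key(update):
    """'U3e' -> (3, 'e'); 'U2' -> (2, ''); no update (GA) -> (0, '')."""
    m = re.fullmatch(r"U(\d+)([a-z]?)", update or "")
    return (int(m.group(1)), m.group(2)) if m else (0, "")


def assess(product, version, build=None, update=None):
    """Return (status, detail); status is 'fixed', 'vulnerable' or 'not-in-matrix'."""
    parts = version.split(".")
    train = ".".join(parts[:2]) if product in ("ESXi", "vCenter") else parts[0]
    entry = FIXED.get((product, train))
    if entry is None:
        return "not-in-matrix", f"{product} {version}: not listed in the Response Matrix"
    if product == "ESXi":
        ok = build is not None and build >= entry["build"]
    elif product == "vCenter":
        ok = vc_update_key(update) >= entry["update"]
    else:
        ok = tuple(int(p) for p in parts) >= entry["version"]
    if ok:
        return "fixed", f"{product} {version}: at or above {entry['fixed']}"
    return "vulnerable", (f"{product} {version}: below {entry['fixed']}, "
                          f"exposed to {', '.join(entry['cves'])}")


def check_inventory(lines):
    """Assess each inventory line; unparseable lines are reported, not silently skipped."""
    results = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            results.append(("unparsed", line))
            continue
        build = int(m["build"]) if m["build"] else None
        results.append(assess(m["product"], m["version"], build, m["update"]))
    return results


SAMPLE_INVENTORY = [               # constructed sample, not real hosts
    "ESXi 8.0.3 build-24100000",   # older 8.0 build -> vulnerable
    "ESXi 8.0.3 build-24659227",   # exactly the fixed build -> fixed
    "ESXi 7.0.3 build-24723868",   # fixed
    "vCenter 8.0 U3d",             # one update letter short -> vulnerable
    "vCenter 7.0 U3v",             # fixed
    "Workstation 17.6.2",          # vulnerable
    "Fusion 13.6.3",               # fixed
    "ESXi 6.7.0 build-17700523",   # release train not covered by this VMSA
    "something else entirely",     # unparseable, reported as such
]

if __name__ == "__main__":
    for status, detail in check_inventory(SAMPLE_INVENTORY):
        print(f"{status:14s} {detail}")
```

A "not-in-matrix" result is deliberately distinct from "fixed": a release train the advisory does not list is out of scope for this VMSA, not confirmed safe, and should be checked against the lifecycle and other advisories rather than marked compliant.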

 
4. References:

Fixed Version(s) and Release Notes:

VMware vCenter Server 8.0 U3e
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5826
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/vcenter-server-update-and-patch-release-notes/vsphere-vcenter-server-80u3e-release-notes.html

VMware vCenter Server 7.0 U3v
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5849
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/vcenter-server-update-and-patch-releases/vsphere-vcenter-server-70u3v-release-notes.html

VMware ESXi 8.0 ESXi80U3se-24659227
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5825
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3e-release-notes.html

VMware ESXi 7.0 ESXi70U3sv-24723868
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5848
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3v-release-notes.html

VMware Workstation 17.6.3
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Workstation%20Pro&displayGroup=VMware%20Workstation%20Pro%2017.0%20for%20Windows&release=17.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Workstation%20Pro&displayGroup=VMware%20Workstation%20Pro%2017.0%20for%20Linux&release=17.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true
https://techdocs.broadcom.com/us/en/vmware-cis/desktop-hypervisors/workstation-pro/17-0/release-notes/vmware-workstation-1763-pro-release-notes.html

VMware Fusion 13.6.3
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Fusion&displayGroup=VMware%20Fusion%2013&release=13.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true
https://techdocs.broadcom.com/us/en/vmware-cis/desktop-hypervisors/fusion-pro/13-0/release-notes/vmware-fusion-1363-release-notes.html

KB Articles:
Cloud Foundation 5.x/4.5.x:
https://knowledge.broadcom.com/external/article?legacyId=88287

Mitre CVE Dictionary Links:
https://www.cve.org/CVERecord?id=CVE-2025-41225
https://www.cve.org/CVERecord?id=CVE-2025-41226
https://www.cve.org/CVERecord?id=CVE-2025-41227
https://www.cve.org/CVERecord?id=CVE-2025-41228

FIRST CVSSv3 Calculator: 
CVE-2025-41225: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2025-41226: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2025-41227: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2025-41228: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N


5. Change Log:

2025-05-20 VMSA-2025-0010
Initial security advisory.


6. Contact:

E-mail: [email protected]

PGP key
https://knowledge.broadcom.com/external/article/321551

VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories

VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response

VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle

VMware Security Blog
https://blogs.vmware.com/security

X
https://x.com/VMwareSRC

Copyright 2025 Broadcom. All rights reserved



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
