Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

VMware — Vulnerabilities & Security Advisories 219

Browse all 219 CVE security advisories affecting VMware. AI-powered Chinese analysis, POCs, and references for each vulnerability.

VMware operates as a leading provider of cloud computing and virtualization platforms, enabling enterprises to manage data centers and deploy software-defined infrastructure. With 219 recorded CVEs, its attack surface reflects the complexity of managing hypervisors and management interfaces. Historically, vulnerabilities have frequently involved remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or authentication bypasses in web-based management consoles. Notable incidents include critical flaws in vCenter Server and ESXi that allowed attackers to gain unauthorized administrative access or execute arbitrary commands on host systems. These exploits underscore the risks associated with centralized management tools, where a single compromise can impact entire virtualized environments. The high volume of vulnerabilities highlights the necessity for rigorous patch management and secure configuration practices to mitigate potential breaches in enterprise infrastructure.

Top products by VMware: Workstation ESXi VMware ESXi VMware Aria Operations SALT Spring Framework Workstation Pro/Player vCenter Server VMware vCenter Server (vCenter Server) VMware Aria Operations for Logs vRealize Automation Cloud Foundation Spring AI Airwatch Console VMware vCenter Server VMware NSX VMware Tools VMware Aria Automation Fusion VMware ESXi, Workstation, and Fusion vRealize Operations for Horizon Adapter Workstation and Fusion VMware Enhanced Authentication Plug-in (EAP) VMware Fusion Airwatch Agent VMware ESXi, Workstation, Fusion VMware Workstation VMware Horizon Agent for Linux vCenter Salt Project
CVE IDTitleCVSSSeverityPublished
CVE-2025-22227 CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client — Reactor Netty 6.1 Medium2025-07-16
CVE-2025-41239 vSockets information-disclosure vulnerability — ESXiCWE-908 7.1 High2025-07-15
CVE-2025-41238 PVSCSI heap-overflow vulnerability — ESXiCWE-787 9.3 Critical2025-07-15
CVE-2025-41237 VMCI integer-underflow vulnerability — Cloud FoundationCWE-787 9.3 Critical2025-07-15
CVE-2025-41236 VMXNET3 integer-overflow vulnerability — ESXiCWE-787 9.3 Critical2025-07-15
CVE-2024-38824 CVE-2024-38824 salt advisory — SALT 9.6 Critical2025-06-13
CVE-2025-22242 CVE-2025-22242 salt advisory — SALT 5.6 Medium2025-06-13
CVE-2025-22241 CVE-2025-22241 salt advisory — SALT 5.6 Medium2025-06-13
CVE-2025-22240 CVE-2025-22240 salt advisory — SALT 6.3 Medium2025-06-13
CVE-2025-22239 CVE-2025-22239 salt advisory — SALT 8.1 High2025-06-13
CVE-2025-22238 CVE-2025-22238 salt advisory — SALT 4.2 Medium2025-06-13
CVE-2025-22237 CVE-2025-22237 salt advisory — SALT 6.7 Medium2025-06-13
CVE-2025-22236 CVE-2025-22236 salt advisory — SALT 8.1 High2025-06-13
CVE-2024-38825 CVE-2024-38825 Salt Advisory — SALT 6.4 Medium2025-06-13
CVE-2024-38823 CVE-2024-38823 Salt Advisory — SALT 2.7 Low2025-06-13
CVE-2024-38822 CVE-2024-38822 Salt Advisory — SALT 2.7 Low2025-06-13
CVE-2025-41233 VMware AVI Load Balancer 安全漏洞 — Avi Load BalancerCWE-89 6.8 Medium2025-06-12
CVE-2025-41234 RFD Attack via “Content-Disposition” Header Sourced from Request — Spring FrameworkCWE-113 6.5 Medium2025-06-12
CVE-2025-22245 VMware NSX 安全漏洞 — VMware NSX 5.9 Medium2025-06-04
CVE-2025-22244 VMware NSX 安全漏洞 — VMware NSX 6.9 Medium2025-06-04
CVE-2025-22243 VMware NSX Manager UI 安全漏洞 — VMware NSX 7.5 High2025-06-04
CVE-2025-41235 CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies — Spring cloud Gateway 8.6 High2025-05-30
CVE-2025-41228 VMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability — vCenter ServerCWE-79 4.3 Medium2025-05-20
CVE-2025-41227 Denial-of-Service Vulnerability — ESXiCWE-400 5.5 Medium2025-05-20
CVE-2025-41226 Guest Operations Denial-of-Service Vulnerability — ESXiCWE-400 6.8 Medium2025-05-20
CVE-2025-41225 VMware vCenter Server authenticated command-execution vulnerability — vCenter ServerCWE-78 8.8 High2025-05-20
CVE-2025-41230 VMware Cloud Foundation Information Disclosure Vulnerability — Cloud FoundationCWE-200 7.5 High2025-05-20
CVE-2025-41229 VMware Cloud Foundation Directory Traversal Vulnerability — Cloud FoundationCWE-22 8.2 High2025-05-20
CVE-2025-22248 [pgpool] Unauthenticated access to postgres through pgpool — Bitnami 9.8AICriticalAI2025-05-13
CVE-2025-22249 VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249) — Vmware Aria Automation 8.2 High2025-05-13

This page lists every published CVE security advisory associated with VMware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.