On May 20, 2025, Broadcom published a security advisory disclosing multiple vulnerabilities affecting several VMware products, including vCenter Server, VMware ESXi, Workstation, and Fusion. Security updates have been released to address these issues.

Critical vCenter Server Vulnerabilities

Command Execution Risk

Among the disclosed vulnerabilities, CVE-2025-41225 affects vCenter Server and could allow attackers with alarm creation and script execution privileges to run arbitrary commands. This represents one of the most serious vulnerabilities in the current disclosure.

Cross-Site Scripting Vulnerability

Additionally, a cross-site scripting (XSS) vulnerability identified as CVE-2025-41228 was discovered in vCenter Server, potentially allowing attackers to inject malicious scripts that execute within users’ browsers.

ESXi and Other Product Vulnerabilities

Multiple Issues Affecting Core Virtualization Platform

VMware’s ESXi hypervisor platform is affected by the same cross-site scripting vulnerability (CVE-2025-41228) found in vCenter Server, along with two denial-of-service vulnerabilities:

  • CVE-2025-41226: Can cause service disruption in ESXi
  • CVE-2025-41227: Affects ESXi, VMware Workstation, and VMware Fusion

Severity Ratings and CVSS Scores

Vulnerability Risk Assessment

According to the Common Vulnerability Scoring System (CVSSv3.1), the discovered vulnerabilities have been rated as follows:

  1. CVE-2025-41225: Highest score at 8.8
  2. CVE-2025-41226: Score of 6.8
  3. CVE-2025-41227: Score of 5.5
  4. CVE-2025-41228: Score of 4.3

Update Recommendations

Critical Updates

Broadcom has rated the vCenter Server updates (version 8.0 U3e and 7.0 U3v) as “Important” – the second highest on their four-level severity scale.

Moderate Updates

Updates for VMware ESXi, VMware Workstation, and VMware Fusion have been classified as “Moderate” – one level lower in severity.

Additional Platform Updates

Broadcom is also urging users to update the following products that incorporate the affected components:

  • VMware Cloud Foundation
  • VMware Telco Cloud Platform
  • VMware Telco Cloud Infrastructure

Security Best Practices

Organizations using VMware products should implement these security updates as soon as possible to mitigate potential risks. VMware infrastructure is widely deployed in enterprise environments, making these systems particularly attractive targets for potential attackers looking to compromise corporate networks.

Regular security patching remains one of the most effective ways to protect virtualization infrastructure from known vulnerabilities. Organizations should establish a systematic approach to tracking security advisories from vendors like Broadcom and implementing recommended patches according to their severity ratings.

For critical infrastructure running VMware products, security teams should consider implementing additional layers of protection including network segmentation, least privilege access controls, and comprehensive monitoring to detect potential exploitation attempts before they can cause significant damage.

Author

Editorial Team
The Editorial Team at Security Land is comprised of experienced professionals dedicated to delivering insightful analysis, breaking news, and expert perspectives on the ever-evolving threat landscape.