In the last 30 days, VMware has disclosed three critical and important security vulnerabilities affecting several core products.
And no, this isn’t an April Fool’s joke. Unfortunately, it’s a real call to action for IT admins and security teams.
- Released on 03/04/2025
- Products: vSphere, Workstation, Fusion
- Severity: Critical
- VMSA-2025-0004
- Vulnerability Type: Use-after-free flaw in virtual Bluetooth device.
- Impact: May allow a local attacker to execute arbitrary code or cause a denial-of-service (DoS).
- Official Link here

- Released on 03/25/2025
- Product: VMware Tools for Windows
- Severity: Important
- VMSA-2025-0005
- Vulnerability Type: Authentication Bypass due to Improper Access Control
- Impact: A malicious actor with non-administrative privileges on a Windows guest virtual machine (VM) could exploit this vulnerability to perform certain high-privilege operations within that VM.
- Official Link here

- Released on 04/01/2025
Have you started remediating these VMware vulnerabilities yet?
Patching isn’t optional; it’s your first line of defense.
Don’t wait until a vulnerability is exploited in the wild.
Start patching today and keep your infrastructure secure.