The National Computer Emergency Response Team has issued an urgent warning about critical VMware vulnerabilities affecting key products widely used in enterprise, cloud, and telecom networks.
According to NCERT, the vulnerabilities impact VMware Aria Operations, VMware Tools, VMware Cloud Foundation, VMware Telco Cloud Infrastructure, and VMware NSX. Identified as CVE-2025-41244 and CVE-2025-41246, these flaws carry severity scores between 7.6 and 7.8 and can allow attackers to escalate privileges, bypass authorization, and execute remote code, putting sensitive systems and data at serious risk.
Evidence indicates that state-sponsored threat actors have already exploited these VMware vulnerabilities, potentially leading to full system compromise and disruption of virtualized environments, particularly in critical infrastructure.
NCERT highlighted that unpatched versions, including VMware Aria Operations below 8.18.4 and VMware Tools below 13.0.4, remain highly vulnerable. Attackers can exploit the flaws locally or remotely with minimal privileges and in some cases without user interaction. The advisory emphasized that patching is the only effective solution as no vendor-provided mitigations exist.
Organizations are urged to install the latest security updates released by Broadcom through advisories 36149, 36150, and 35964. For systems where immediate patching is not possible, NCERT recommends restricting user privileges, enforcing network segmentation, monitoring login activity, strengthening access controls, reviewing system logs, and preparing incident response teams.
The advisory concludes by urging all VMware users to prioritize patching, limit access to unpatched systems, and include these risks in enterprise security strategies while maintaining continuous monitoring to prevent large-scale cyber incidents.