The National Computer Emergency Response Team (NCERT) has issued an urgent warning about multiple high-severity security flaws affecting key VMware products used across enterprise and telecom networks.
According to the advisory, these vulnerabilities impact VMware Aria Operations, VMware Tools, VMware Cloud Foundation, VMware Telco Cloud Infrastructure, and VMware NSX, posing a serious risk to both enterprise and cloud infrastructures.
The security flaws, identified as CVE-2025-41244 and CVE-2025-41246, carry severity scores between 7.6 and 7.8 on the CVSS scale. They allow attackers to escalate privileges, bypass authorization, and potentially execute remote code, putting sensitive systems and data at risk.
Exploited by Hackers
NCERT confirmed that the vulnerabilities have already been exploited in the wild, with evidence suggesting involvement of state-sponsored threat actors. Successful attacks could lead to full system compromise, unauthorized data access, and disruption of virtualized environments, especially in critical infrastructure sectors.
VMware’s widespread use in enterprise and cloud operations amplifies the potential impact of these vulnerabilities worldwide.
Unpatched Systems at Highest Risk
The advisory notes that unpatched versions of VMware Aria Operations (below 8.18.4), VMware Tools (below 13.0.4), VMware Cloud Foundation, and VMware NSX remain vulnerable. Attackers can exploit these flaws either locally or remotely, often requiring minimal privileges — and in some cases, no user interaction at all.
NCERT stressed that patching is the only effective solution, as no vendor-provided mitigations currently exist.
Immediate Patching Strongly Advised
Organizations are urged to install the latest security updates released by Broadcom through advisories 36149, 36150, and 35964.
For systems where patching cannot be done immediately, NCERT recommends restricting user privileges, enforcing network segmentation, and closely monitoring login activity. Strengthening access controls, reviewing system logs, and preparing incident response teams are also key steps to reduce risk.
The advisory concludes with a call for all organizations using VMware products to apply patches without delay, limit access to unpatched systems, and include these risks in their enterprise security frameworks.
NCERT also advises continuous monitoring and proactive threat detection across VMware environments to prevent large-scale cyber incidents stemming from these vulnerabilities.
