The National Computer Emergency Response Team (NCERT) has issued a critical warning highlighting multiple severe vulnerabilities affecting widely used VMware products across enterprise and telecom infrastructures. These flaws, which impact VMware Aria Operations, VMware Tools, VMware Cloud Foundation, VMware Telco Cloud Infrastructure, and VMware NSX, could allow attackers to gain unauthorized access and potentially take full control of affected systems. NCERT stated that these weaknesses pose a significant risk to organizations operating virtualized or cloud-based environments, emphasizing that immediate action is required to prevent compromise.
According to NCERT, the identified vulnerabilities, tracked as CVE-2025-41244 and CVE-2025-41246, carry CVSS severity scores ranging from 7.6 to 7.8. These flaws enable attackers to escalate privileges, bypass authorization, and execute arbitrary code remotely. Evidence has shown that these vulnerabilities are already being actively exploited by threat actors, including suspected state-backed groups. Successful exploitation could allow intruders to access sensitive data, disrupt operations, and compromise entire virtual infrastructures, particularly those managing critical services or communications. Given VMware’s extensive integration in corporate and government systems, the potential reach and impact of these exploits are extensive and global in scope.
NCERT’s advisory stressed that unpatched versions of VMware products, including VMware Aria Operations versions below 8.18.4 and VMware Tools below 13.0.4, are at the highest risk. These vulnerabilities can be triggered through both local and remote vectors, often requiring minimal privileges or no user interaction. NCERT noted that there are currently no effective workarounds available from the vendor, making prompt patching the only viable defense. Organizations are strongly advised to apply the latest updates provided by Broadcom in advisories numbered 36149, 36150, and 35964 to mitigate these risks.
For systems where immediate patch deployment is not feasible, NCERT recommended several temporary security measures. These include restricting user privileges, implementing strict network segmentation, closely monitoring login and access logs, and preparing incident response teams to handle potential exploitation attempts. Organizations are also encouraged to strengthen access controls and maintain continuous network surveillance to detect abnormal activity within VMware environments. NCERT urged all entities relying on VMware products to integrate these vulnerabilities into their security frameworks and ensure proactive monitoring to avoid major breaches. The agency emphasized that timely updates and vigilant system oversight are essential to maintaining cybersecurity resilience against evolving threats targeting virtualized infrastructures.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
