Insights from the Field
Security analysis, platform hardening strategies, and lessons learned from real-world assessments.


Understanding VMSA-2026-0002: Key Insights for Secure IT Platforms
Introduction to VMSA-2026-0002 VMSA-2026-0002, released on February 26, 2026, addresses critical vulnerabilities in VMware Workstation and VMware Fusion. This advisory focuses on desktop hypervisors rather than enterprise vSphere infrastructure. However, this narrower scope does not diminish its importance. Workstation and Fusion are commonly deployed on highly trusted endpoints. These systems are used by engineers, administrators, developers, and security teams. They frequen

Demetrios Mustakas Jr.
Mar 4


VMSA-2026-0001 Evaluating Risk in VMware Aria Operations
Introduction VMSA-2026-0001 addresses three vulnerabilities identified as CVE-2026-22719, CVE-2026-22720, and CVE-2026-22721. The advisory applies to VMware Aria Operations, a platform commonly integrated directly into vCenter environments for monitoring, analytics, and operational visibility. Aria Operations maintains authenticated connections to vCenter, collects configuration and performance data from ESXi hosts, and often integrates with Active Directory or other external

Demetrios Mustakas Jr.
Feb 24


AI, Active Directory, and the Evolution of Security Posture Assessment
Industry Signal: What the Conversation Reveals A recent post on X suggested that an AI system could ingest a legacy Active Directory forest, identify every privilege escalation path, generate remediation guidance, and effectively retire the on-premises AD engineer. The tone was humorous, but the underlying premise reflects a real shift. AI is now being applied directly to configuration analysis and security posture assessment, not just source code review. This development rai

Demetrios Mustakas Jr.
Feb 23


VMSA-2024-0012 Revisited: Why vCenter Exposure Still Matters in 2026
Introduction VMSA-2024-0012 is not a new advisory. It was originally published in 2024 and, at the time, clearly communicated the severity of the underlying issues. Many organizations reviewed it, assessed impact, and made decisions based on their patching cycles, operational constraints, or perceived exposure. What has changed is not the technical nature of the vulnerabilities, but the context in which they now exist. In January 2026, Broadcom updated the advisory to confir

Demetrios Mustakas Jr.
Jan 26


Inside VMSA-2025-0015 – Understanding the Privilege Escalation and Cross-VM Risks in VMware Tools and Aria Operations
Introduction Broadcom’s latest security advisory, VMSA-2025-0015, underscores a persistent truth about enterprise virtualization: the most damaging risks often originate not in exotic exploits, but in everyday operational tools. Published on September 29 and updated on October 30, 2025, this advisory discloses multiple vulnerabilities across VMware Aria Operations, VMware Tools, Telco Cloud Platform, and Cloud Foundation. One of the vulnerabilities, CVE-2025-41244, is already

Demetrios Mustakas Jr.
Oct 31, 2025


From Guest to Infrastructure: Understanding the Risks in VMSA-2025-0015
Introduction On September 29, 2025, VMware (via Broadcom) published VMSA-2025-0015, which addresses three vulnerabilities in VMware Aria Operations and VMware Tools (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246). This is the initial publication of the advisory. It rates these issues as Important / High severity, with CVSSv3 base scores ranging from 4.9 to 7.8. Affected products include VMware Aria Operations, VMware Tools, VMware Cloud Foundation, VMware Telco Cloud Platfor

Demetrios Mustakas Jr.
Sep 30, 2025


From Advisory to Action: Understanding VMSA-2025-0016
Introduction On September 29, 2025, Broadcom released VMSA-2025-0016. The advisory discloses multiple vulnerabilities in vCenter and NSX, ranging from SMTP header injection to weak password recovery mechanisms that allow username enumeration. The severity is listed as Important, with CVSS scores ranging from 7.5 to 8.5. This is not a cosmetic issue. For enterprises that depend on vCenter and NSX to anchor their virtualization and network segmentation, these flaws cut dir

Demetrios Mustakas Jr.
Sep 30, 2025


Perception Over Protection: The Quiet Farce in Cybersecurity Consulting
Anyone working in cybersecurity consulting long enough eventually sees it: most decisions aren’t driven by results. They’re driven by optics. The goal often isn’t to find the team best equipped to fix the problem. It’s to select a firm whose name will hold up when the questions come later. It’s not hard to see why. Breaches are expected now. And when they happen, the safest move is to point to the slide deck. “We engaged a top-rated vendor. This is who everyone uses. We did ev

Demetrios Mustakas Jr.
Aug 5, 2025


Availability is Security: vCenter, VMSA-2025-0014, and the Cost of Downtime
Introduction Disruption doesn’t always announce itself with exploits and remote code execution. Sometimes, it creeps in quietly through a denial-of-service vulnerability, targeting the very control plane that makes modern virtualization work. VMware vCenter Server sits at the heart of nearly every vSphere environment, orchestrating workloads, monitoring infrastructure, and serving as the single pane of glass for managing compute at scale. On July 29, 2025, Broadcom released a

Demetrios Mustakas Jr.
Jul 29, 2025


Inside VMSA-2025-0013: Critical Vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools
What is it? On July 15, 2025, Broadcom released VMSA-2025-0013, disclosing multiple critical vulnerabilities impacting VMware ESXi, Workstation, Fusion, and VMware Tools. These issues include three memory safety flaws that may lead to code execution on the host system, and one information disclosure issue resulting from uninitialized memory usage in vSockets. All four vulnerabilities were discovered through the Pwn2Own competition and responsibly reported to Broadcom. Patches

Demetrios Mustakas Jr.
Jul 15, 2025


The 7 (Well, 8) Hard Truths About the Cybersecurity Industry in 2025
Introduction A few weeks ago, I posted a simple poll on LinkedIn: “What would be an interesting topic to research and publish an article on?” The results were revealing. 41% of respondents said “Challenges of the Cyber Industry.” 27% voted for “Healthcare Industry Security,” 23% for “VMware vSphere Hardening,” and just 9% for “Active Directory Security.” It stood out to me that, even with plenty of technical options on the list, the majority of people wanted to talk about the broa

Demetrios Mustakas Jr.
Jul 1, 2025


VMware NSX Advisory VMSA-2025-0012: Stored XSS Vulnerabilities in VMware NSX Manager and Firewall
What Is It? On June 4, 2025, Broadcom issued Security Advisory VMSA-2025-0012 disclosing three stored cross-site scripting (XSS) vulnerabilities affecting VMware NSX. These flaws exist within the NSX Manager user interface, Gateway Firewall, and Router Port components. They are tracked as CVE-2025-22243, CVE-2025-22244, and CVE-2025-22245. These vulnerabilities impact multiple NSX versions including 4.1.x, 4.2.1.x, and 4.2.x, and extend to affected deployments of VMware Cloud

Demetrios Mustakas Jr.
Jun 5, 2025


Inside VMSA-2025-0011: Understanding the Authenticated Blind SQL Injection in VMware Avi Load Balancer
Executive Summary Broadcom’s advisory VMSA-2025-0011 discloses CVE-2025-41233, a moderate-severity vulnerability in VMware Avi Load Balancer. The issue is an authenticated blind SQL injection flaw that allows logged-in users to infer data from the backend database by manipulating application behavior through crafted queries. While the injection does not expose results directly, attackers can use response variations to extract sensitive information. This article breaks down th

Demetrios Mustakas Jr.
May 22, 2025


Inside VMSA-2025-0010: What It Reveals About Trust, Privilege, and Hidden Risks in vSphere
Introduction On May 20, 2025, Broadcom (formerly VMware) released VMSA-2025-0010, a security advisory disclosing a set of newly discovered vulnerabilities affecting a wide range of VMware products, including vCenter Server, ESXi, Workstation, and Fusion. Unlike prior advisories that often spotlight a single critical issue, this release details four distinct vulnerabilities, each posing different operational and security implications depending on the platform and deployment. A

Demetrios Mustakas Jr.
May 22, 2025


First-Ever ESXi Host Escape at Pwn2Own: What You Need to Know
Special recognition to Lee Scites who collaborated on this article Introduction For the first time in Pwn2Own history, a researcher successfully compromised a VMware ESXi host, the very foundation of many enterprise virtualization environments. This occurred at Pwn2Own Berlin 2025, where Nguyen Hoang Thach of STARLabs SG leveraged a zero-day integer overflow vulnerability to execute code on the ESXi hypervisor from a guest VM. This isn’t just a competition milestone; it’s a wa

Demetrios Mustakas Jr.
May 21, 2025


Security Implications of VMSA-2025-0009 in VMware Cloud Foundation
Introduction On May 20, 2025, Broadcom published VMSA-2025-0009, a security advisory detailing three newly discovered vulnerabilities in VMware Cloud Foundation. All three issues were reported by the NATO Cyber Security Centre (NCSC) and affect versions 4.5.x and 5.x of the platform. These vulnerabilities allow unauthorized access to files, information disclosure through exposed endpoints, and the execution of privileged operations due to missing authorization checks. There a

Demetrios Mustakas Jr.
May 20, 2025


VMware Security Alert: Insecure File Handling in VMware Tools (CVE-2025-22247)
Introduction Broadcom has issued a moderate-severity security advisory, VMSA-2025-0007, addressing a newly disclosed vulnerability in VMware Tools identified as CVE-2025-22247. This vulnerability affects both Windows and Linux guest operating systems and introduces a risk scenario where a non-privileged user inside a virtual machine could tamper with file operations carried out by VMware Tools. Although this flaw is not exploitable for guest-to-host escape, it may allow local

Demetrios Mustakas Jr.
May 12, 2025


VMware Security Alert: DOM-Based Cross-Site Scripting in Aria Automation (CVE-2025-22249)
Introduction Broadcom has published VMSA-2025-0008 to address a newly disclosed DOM-based Cross-Site Scripting (XSS) vulnerability in VMware Aria Automation, previously known as vRealize Automation. The issue is tracked as CVE-2025-22249 and has been assigned a CVSSv3 base score of 8.2 (Important severity). This client-side scripting flaw could allow an attacker to steal access tokens or session identifiers from authenticated users by tricking them into visiting a specially c

Demetrios Mustakas Jr.
May 12, 2025


The High Cost of Bad Email Hygiene: How Secure Vendors Get Undermined by Their Customers
Executive Abstract When a long-standing customer failed to configure basic email authentication, a secure vendor was forced to choose between preserving its security posture or continuing business as usual. This case study explores the operational and cybersecurity implications of bypassing DMARC enforcement in Microsoft 365, and why email trust is only as strong as the weakest party in the relationship. Security isn’t just a configuration; it’s a shared responsibility. Introd

Demetrios Mustakas Jr.
May 1, 2025


The Fragility of Trust: Lessons from a Cybersecurity Betrayal
Introduction: The Fragility of Trust Trust is the foundation of cybersecurity, but it is also its greatest vulnerability. That reality became painfully clear in April 2025 when Jeffrey Bowie, CEO of cybersecurity firm Veritaco, was arrested for allegedly planting malware on the systems of SSM Health St. Anthony Hospital in Oklahoma City. His actions did not just threaten data or operations. They exposed a deeper truth: when trust is weaponized, no amount of technical defense

Demetrios Mustakas Jr.
Apr 29, 2025