[ Blog ] VMware #vCenter vulnerability CVE-2025-41241

A denial of service vulnerability, identified as CVE-2025-41241, has been discovered within VMware vCenter.

Broadcom has evaluated this issue as having a moderate severity rating, with a CVSSv3 base score of 4.4. While this isn't a high-severity critical flaw, it's still an issue that could lead http://rviv.ly/GqTV8p #CVE #denialofservice #securityadvisory

U.S. #CISA adds a flaw in #Broadcom #VMware #vCenter Server to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/187267/security/u-s-cisa-adds-a-flaw-in-broadcom-vmware-vcenter-server-to-its-known-exploited-vulnerabilities-catalog.html
#securityaffairs #hacking

WARP PANDA exploiting VMware vCenter, ESXi & stolen Microsoft 365 tokens
https://www.technadu.com/warp-panda-targets-u-s-and-asia-pacific-using-brickstorm-vcenter-esxi-and-stolen-365-tokens-to-reach-virtual-machines/615224/

• BRICKSTORM, Junction, GuestConduit implants used across layers
• VM snapshots + cloned domain controllers for identity harvesting
• SharePoint data accessed via stolen 365 tokens
• Hidden VMs & log tampering for stealth

#CyberSecurity #VMware #ESXi #vCenter #APT #ThreatIntel #CloudSecurity

🆕 Here's how to trust an OVA certificate in VMware vCenter.

https://thedxt.ca/2025/11/vmware-vcenter-ova-certificate-trust/

#VMware #vCenter #Certificates #SSL #vExpert #OVA

UNC3886 Hackers Exploiting 0-Days in VMware vCenter/ESXi, Fortinet FortiOS, and Junos OS
https://cybersecuritynews.com/unc3886-hackers-exploiting-0-days/

#Infosec #Security #Cybersecurity #CeptBiro #UNC3886 #0Days #VMware #vCenter #ESXi #Fortinet #FortiOS #JunosOS

Fire Ant Hackers Target VMware ESXi and vCenter Flaws to Infiltrate Organizations
https://gbhackers.com/fire-ant-hackers-target-vmware-esxi-and-vcenter-flaws/

#Infosec #Security #Cybersecurity #CeptBiro #FireAnt #VMwareESXi #vCenter #InfiltrateOrganizations

Progress!

#vcenter

alt-printscreen (don't let the alt go) h

The "don't let the alt go" is the key.

See /proc/sys/kernel/sysrq for what it's capabilities are.

Why when vSan cluster has a failure are the only objects that are inaccessible the ones for #vCenter and #Veeam.

It's like vSAN wants to make this as painful as possible.

VMware vSphere まとめ
https://qiita.com/shuta0606/items/3e7bb4dac036ec9d4ccc?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #ESXi #VMware_vSphere #vCenter #クラスター #Crane_I

Check the alarms on all ESXi Hosts via Powershell http://dlvr.it/TJKSbF via PlanetPowerShell #PowerShell #ESXi #vCenter #Coding

🆕 Here's how to set up a Native Key Provider in VMware vCenter

https://thedxt.ca/2025/02/vcenter-native-key-provider/

#VMware #vCenter #vExpert

Интеграция Jira-AWX

Всем привет, меня зовут Денис, я хотел бы поделиться опытом использования AWX в рамках одной из наших потребностей. Статья может быть полезна ребятам с «инфры», если в компании используется vmware и подобное cloud решение для частого деплоя, а для всяческой бюрократии и запросов вы обращайтесь в Jira. Недавно @kuksepa выкладывала отличную статью про AWX по этому я не стану много описывать конкретно его, а постараюсь кратко описать процесс. Прошу не обращать внимание на замазанные элементы.

https://habr.com/ru/articles/876934/

#awx #jira #jira_servicedesk #git #vcenter #vsphere #cloud #deploy #ansible #terraform

Nieuwe kwetsbaarheden in vmware vcenter server verholpen https://www.trendingtech.news/trending-news/2024/11/48748/nieuwe-kwetsbaarheden-in-vmware-vcenter-server-verholpen #VMware #vCenter Server #kwetsbaarheden #updates #cyberbeveiliging #Trending #News #Nieuws

Critical RCE bug in VMware vCenter Server now exploited in attacks #RCE #VMware #vCenter https://www.bleepingcomputer.com/news/security/critical-rce-bug-in-vmware-vcenter-server-now-exploited-in-attacks/

🛑 MAJ 22 octobre 2024 :

#Broadcom a annoncé que les correctifs #VMware #vCenter publiés le 17 sept. 2024 ne couvraient pas complètement la vulnérabilité CVE-2024-38812. Il est important pour tous les clients d’appliquer les derniers correctifs disponibles dans la matrice de réponse. Les patches pour la version 8.0 U2 sont également disponibles.

Produits impactés :

• vCenter Server 8.0
• vCenter Server 7.0
• VMware Cloud Foundation 5.x
• VMware Cloud Foundation 4.x

👇
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

#Cyberveille #CVE_2024_38812
#Patch

si vous avez un vCenter exposé sur Internet, c'est le moment de vérifier s'il est à jour… (avant que quelqu'un d'autre le fasse pour vous )
👇
https://infosec.exchange/@shadowserver/113168842851938618

#CyberVeille #vCenter #VMWare

#BSI WID-SEC-2024-2175: [NEU] [hoch] #VMware #vCenter #Server: Mehrere Schwachstellen ermöglichen Codeausführung und Privilegienerweiterung

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in VMware vCenter Server und VMware Cloud Foundation ausnutzen, um beliebigen Programmcode auszuführen und erweiterte Rechte zu erlangen.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2175

#Broadcom fixed Critical #VMware #vCenter Server flaw CVE-2024-38812
https://securityaffairs.com/168536/security/vmware-vcenter-server-cve-2024-38812.html
#securityaffairs #hacking

Here's how to reset the root password for VMware vCenter.

https://thedxt.ca/2024/09/reset-vcenter-root-password/

#VMware #vCenter #vExpert