Posted Date: 2025/05/22

[Vulnerability Alert] Broadcom VMware vCenter Server Critical Security Vulnerability (CVE-2025-41225)

  • Subject: [Vulnerability Alert] Broadcom VMware vCenter Server Critical Security Vulnerability (CVE-2025-41225)


  • Description:
    • Forwarded by Taiwan Computer Network Crisis Coordination Center TWCERTCC-200-202505-00000019
    • VMware vCenter Server is a centralized management platform used to manage all virtual machines and virtualization infrastructure in VMware vSphere environments, enhancing management efficiency and convenience. Broadcom recently released a security advisory for a critical vulnerability (CVE-2025-41225, CVSS: 8.8). It is an authenticated command execution vulnerability: an attacker who holds create or modify permissions can execute arbitrary commands via scripts and thereby perform unauthorized operations on the vCenter Server.
  • Affected Platforms:
    • vCenter Server version 8.0
    • vCenter Server version 7.0
    • VMware Cloud Foundation (vCenter) version 5.x
    • VMware Cloud Foundation (vCenter) version 4.5.x
    • VMware Telco Cloud Platform (vCenter) version 5.x
    • VMware Telco Cloud Platform (vCenter) version 4.x
    • VMware Telco Cloud Platform (vCenter) version 3.x
    • VMware Telco Cloud Platform (vCenter) version 2.x
    • VMware Telco Cloud Infrastructure (vCenter) version 3.x
    • VMware Telco Cloud Infrastructure (vCenter) version 2.x
  • Recommended Actions:
  • References:

Computer and Communication Center
Network Systems Group