My IBM Log in Subscribe

FYSA: VMware Critical Vulnerabilities Patched

IT infrastructure Security

4 March 2025

< 1 min read

Author

Nick Bradley

IBM X-Force Incident Command CO

Broadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.

Threat Topography

  • Threat Type: Critical Vulnerabilities
  • Industry: Virtualization
  • Geolocation: Global

Industry newsletter

The latest tech news, backed by expert insights

Stay up to date on the most important—and intriguing—industry trends on AI, automation, data and beyond with the Think newsletter. See the IBM Privacy Statement.

Thank you! You are subscribed.

Your subscription will be delivered in English. You will find an unsubscribe link in every newsletter. You can manage your subscriptions or unsubscribe here. Refer to our IBM Privacy Statement for more information.

Your subscription will be delivered in English. You will find an unsubscribe link in every newsletter. You can manage your subscriptions or unsubscribe here. Refer to our IBM Privacy Statement for more information.

Overview

X-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities affect various VMware products, including vCenter Server, vRealize Operations Manager, and vCloud Director.

These vulnerabilities could allow attackers to launch various types of nefarious actions, potentially leading to data breaches, system compromise, and unauthorized access. Broadcom has patched the vulnerabilities with a new version of the affected products, urging users to update their systems as soon as possible.

Mixture of Experts | 2 May, episode 53

Decoding AI: Weekly News Roundup

Join our world-class panel of engineers, researchers, product leaders and more as they cut through the AI noise to bring you the latest in AI news and insights.
Watch the latest podcast episodes

Recommendations

Organizations using VMware products are advised to:

  1. Immediately patch their systems with the latest version of the affected products.

  2. Monitor system logs for any signs of suspicious activity.

  3. Implement additional security measures, such as network segmentation and access controls.

Overview Annual report Corporate social responsibility Inclusion@IBM Financing Investor Newsroom Security, privacy & trust Senior leadership Careers with IBM Website Blog Publications Automotive Banking Consumer Good Energy Government Healthcare Insurance Life Sciences Manufacturing Retail Telecommunications Travel Our strategic partners Find a partner Become a partner - Partner Plus Partner Plus log in IBM TechXChange Community LinkedIn X Instagram YouTube Subscription Center Participate in user experience research Podcasts United States — English Contact IBM Privacy Terms of use Accessibility