Security bulletins

Per VMware security advisory VMSA-2025-0015, multiple vulnerabilities in VMware Aria Operations and VMware Tools were privately reported to Broadcom. Patches are available to remediate these vulnerabilities in affected Broadcom products.

What should I do?

We recommend upgrading to VMware Aria Automation 8.18.5 and VMware Tools 13.0.5.

• VMSA-2025-0015
• CVE-2025-41244
• CVE-2025-41245
• CVE-2025-41246

Per advisory VMSA-2025-0013, multiple vulnerabilities in VMware ESXi were privately reported to Broadcom.

We've either already patched these vulnerabilities or are in the process of applying the necessary patches supplied by Broadcom. There are no known workarounds for these reported vulnerabilities.

Once patched, your VMware Engine deployments should be running ESXi 7.0U3w or ESXi 8.0U3f or greater.

What should I do?

Google recommends customers to monitor their workloads on VMware Engine for any unusual activities.

• VMSA-2025-0013
• CVE-2025-41236
• CVE-2025-41237
• CVE-2025-41238
• CVE-2025-41239

Per VMware security advisory VMSA-2024-0017, an SQL-injection vulnerability in VMware Aria Automation was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.

What should I do?

We recommend upgrading to VMware Aria Automation KB325790.

• VMSA-2024-0017
• CVE-2024-22280

Per VMware security advisory VMSA-2025-0006, a local privilege escalation vulnerability in VMware Aria Operations was responsibly reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.

What should I do?

We recommend upgrading to VMware Aria Operations 8.18 HF5.

• VMSA-2025-0006
• CVE-2025-22231

Per VMware security advisory VMSA-2025-0003, multiple vulnerabilities in VMware Aria Operations for logs and VMware Aria Operations were privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.

What should I do?

We recommend upgrading to VMware Aria Operations for Logs 8.18.3 and VMware Aria Operations to 8.18.3.

• VMSA-2025-0003
• CVE-2025-22218
• CVE-2025-22219
• CVE-2025-22220
• CVE-2025-22221
• CVE-2025-22222

Per VMware security advisory VMSA-2025-0008, a DOM based Cross-Site Scripting (XSS) vulnerability in VMware Aria Automation was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.

What should I do?

We recommend upgrading to VMware Aria Automation 8.18.1 patch 2.

• VMSA-2025-0008
• CVE-2025-22249

VMware disclosed multiple vulnerabilities in VMSA-2025-0004 that impact ESXi components deployed in customer environments.

VMware Engine impact

Your private clouds are either already patched or are in the process of being updated to address the security vulnerability. As part of the VMware Engine service, all customers get dedicated bare metal hosts with local attached disks that are physically isolated from other hardware. This means that the vulnerability is scoped to guest VMs within your specific private cloud only.

Your private clouds will be updated to 7.0u3s Build number 24534642. This is equivalent to 7.0U3s: Build number 24585291.

What should I do?

Follow instructions from Broadcom and your security vendors regarding this vulnerability.

• VMSA-2025-0004
• CVE-2025-22224
• CVE-2025-22225
• CVE-2025-22226

Per VMware security advisory VMSA-2025-0001, a server-side request forgery (SSRF) vulnerability in VMware Aria Automation was responsibly reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.

What should I do?

We recommend upgrading to VMware Aria Automation 8.18.2 HF.

• VMSA-2025-0001
• CVE-2025-22215

Per VMware security advisory VMSA-2024-0022, multiple vulnerabilities in VMware Aria Operations were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in the affected VMware product.

What should I do?

We recommend upgrading to VMware Aria Operations 8.18.2.

• VMSA-2024-0022
• CVE-2024-38830
• CVE-2024-38831
• CVE-2024-38832
• CVE-2024-38833
• CVE-2024-38834

Per VMware security advisory VMSA-2024-0020, multiple vulnerabilities in VMware NSX were responsibly reported to VMware.

The version NSX-T running on your VMware Engine environment is not impacted by CVE-2024-38815, CVE-2024-38818, or CVE-2024-38817.

What should I do?

Because VMware Engine clusters are not affected by this vulnerability, no further action is required.

• VMSA-2024-0020
• CVE-2024-38815
• CVE-2024-38817
• CVE-2024-38818

Per VMware security advisory VMSA-2024-0021, an authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware.

We have applied the mitigation approved by VMware to address this vulnerability. This fix addresses a security vulnerability described in CVE-2024-38814. The image versions running in your VMware Engine private cloud don't reflect any change at this time to indicate the changes applied. Appropriate mitigations have been installed and your environment is secured from this vulnerability.

What should I do?

We recommend upgrading to VMware HCX version 4.9.2.

• VMSA-2024-0021
• CVE-2024-38814

VMware disclosed multiple vulnerabilities in VMSA-2024-0019 that impact vCenter components deployed in customer environments.

VMware Engine impact

• Google has already disabled any potential exploit of this vulnerability. For example, Google has blocked the ports through which this vulnerability could be exploited.
• In addition, Google ensures all future deployments of vCenter are not exposed to this vulnerability.

What should I do?

No further action is required at this time.

• CVE-2024-38812
• CVE-2024-38813

A vulnerability CVE-2024-6387 was discovered in OpenSSH server (sshd). This vulnerability is exploitable remotely on glibc-based linux systems: an unauthenticated remote code execution as root, because it affects sshd's privileged code, which is not sandboxed and runs with full privileges.

At the time of publication, exploitation is believed to be difficult–requiring winning a race condition, which is hard to successfully exploit and may take several hours per machine being attacked. We are not aware of any exploitation attempts.

What should I do?

1. Apply updates from Linux distributions to your workloads as they become available. Please refer to guidance from Linux distributions.
2. If updating is not possible, consider turning OpenSSH off until it can be patched.
3. If OpenSSH needs to be left on, you can also execute a configuration update which eliminates the race case condition for the exploit. This is a runtime mitigation. To apply the changes in the sshd config, this script will restart the sshd service.

   #!/bin/bash
   set -e
   SSHD_CONFIG_FILE=/etc/ssh/sshd_config
   # -c: count the matches
   # -q: don't print to console
   # -i: sshd_config keywords are case insensitive.
   if [[ "$(grep -ci '^LoginGraceTime' $SSHD_CONFIG_FILE)" -eq 0 ]]; then
    echo "LoginGraceTime 0">> "$SSHD_CONFIG_FILE"
    echo "Set the LoginGraceTime to 0 in $SSHD_CONFIG_FILE"
   else
    sed -i 's/^LoginGraceTime.*$/LoginGraceTime 0/' /etc/ssh/sshd_config
    echo "Changed the LoginGraceTime to 0 in $SSHD_CONFIG_FILE"
   fi
   # Restart the sshd service to apply the new config.
   systemctl restart sshd
    

4. Finally, monitor for any unusual network activity involving SSH servers.

• CVE-2024-6387
• Broadcom VMware Cloud Foundation Response

VMware disclosed multiple vulnerabilities in VMSA-2024-0012 that impact vCenter components deployed in customer environments.

VMware Engine impact

• The vulnerability can be exploited by accessing specific ports in vCenter Server. Google has already blocked the vulnerable ports on vCenter server, which prevents any potential exploits of this vulnerability.
• In addition, Google ensures all future deployments of vCenter are not exposed to this vulnerability.

What should I do?

No further action is required at this time.

• CVE-2024-37079
• CVE-2024-37080
• CVE-2024-37081

VMware disclosed multiple vulnerabilities in VMSA-2024-0006 that impact ESXi components deployed in customer environments.

VMware Engine impact

Your private clouds have been updated to address the security vulnerability.

What should I do?

No action is needed on your part.

• VMSA-2024-0006
• CVE-2024-22252
• CVE-2024-22253
• CVE-2024-22254
• CVE-2024-22255

VMware disclosed multiple vulnerabilities in VMSA-2023-0023 that impact vCenter components deployed in customer environments.

VMware Engine impact

• The vulnerability can be exploited by accessing specific ports in vCenter Server. These ports are not exposed to the public internet.
• If your vCenter ports 2012/tcp, 2014/tcp, and 2020/tcp are not accessible by untrusted systems, then you are not exposed to this vulnerability.
• Google has already blocked the vulnerable ports on vCenter server, preventing any potential exploit of this vulnerability.
• In addition, Google will ensure all future deployments of vCenter server are not exposed to this vulnerability.
• At the time of the bulletin, VMware is not aware of any exploitation "in the wild". For more details please refer to the VMware documentation for more information.

What should I do?

No further action is required at this time.

• CVE-2023-34048, CVE-2023-34056

VMware vCenter Server updates address multiple memory corruption vulnerabilities (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895, CVE-2023-20896)

VMware Engine impact

VMware vCenter Server (vCenter Server) and VMware Cloud Foundation (Cloud Foundation).

What should I do?

Customers are not impacted and no action needs to be taken.

• CVE-2023-20893

Intel recently announced Intel Security Advisory INTEL-SA-00828 impacting some of their processor families. You are encouraged to assess your risks based on the advisory.

VMware Engine impact

Our fleet utilizes the impacted processor families. In our deployment, the entire server is dedicated to one customer. Hence, our deployment model doesn't add any additional risk to your assessment of this vulnerability.

We are working with our partners to obtain necessary patches and will be deploying these patches on priority across the fleet using the standard upgrade process in the next several weeks.

What should I do?

No action is needed on your part, we are working on upgrading all the impacted systems.

• CVE-2022-40982

Per VMware security advisory VMSA-2021-0020, VMware received reports of multiple vulnerabilities in vCenter. VMware has made updates available to remediate these vulnerabilities in affected VMware products.

We have already applied the patches provided by VMware for the vSphere stack to Google Cloud VMware Engine per the VMware security advisory. This update addresses the security vulnerabilities described in CVE-2021-22005, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, and CVE-2021-22010. Other non-critical security issues will be addressed in the upcoming VMware stack upgrade (per the advance notice sent in July, more details will be provided soon on the specific timeline of the upgrade).

VMware Engine impact

Based on our investigations, no customers were found to be impacted.

What should I do?

Because VMware Engine clusters are not affected by this vulnerability, no further action is required.

• VMSA-2021-0020
• CVE-2021-22005
• CVE-2021-22006
• CVE-2021-22007
• CVE-2021-22008
• CVE-2021-22010

Per VMware security advisory VMSA-2021-0010, remote code execution and authentication bypass vulnerabilities in vSphere Client (HTML5) were privately reported to VMware. VMware has made updates available to remediate these vulnerabilities in affected VMware products.

We have applied the patches provided by VMware for the vSphere stack per the VMware security advisory. This update addresses security vulnerabilities described in CVE-2021-21985 and CVE-2021-21986. The image versions running in your VMware Engine private cloud don't reflect any change at this time to indicate the patches applied. Please rest assured that appropriate patches have been installed and your environment is secured from these vulnerabilities.

VMware Engine impact

Based on our investigations, no customers were found to be impacted.

What should I do?

Because VMware Engine clusters are not affected by this vulnerability, no further action is required.

• VMSA-2021-0010
• CVE-2021-21985
• CVE-2021-21986

Per VMware security advisory VMSA-2021-0002, VMware received reports of multiple vulnerabilities in VMware ESXi and vSphere Client (HTML5). VMware has made updates available to remediate these vulnerabilities in affected VMware products.

We have applied the officially documented workarounds for the vSphere stack per the VMware security advisory. This update addresses security vulnerabilities described in CVE-2021-21972, CVE-2021-21973, and CVE-2021-21974.

VMware Engine impact

Based on our investigations, no customers were found to be impacted.

What should I do?

We recommend upgrading to the latest version of HCX.

• VMSA-2021-0002
• CVE-2021-21972
• CVE-2021-21973
• CVE-2021-21974