CISO Brief

All news with #broadcom tag

18 articles

Protecting Data During Hypervisor Migration Away from VMware

🔒 Broadcom’s acquisition of VMware has accelerated migrations to alternatives such as Microsoft Hyper‑V, Azure Stack HCI, Nutanix AHV, Proxmox VE and KVM, but switching hypervisors introduces complex risks around disk formats, drivers, networking models and snapshot behavior. Successful transitions depend not on conversion tools but on verified, restorable, application‑consistent backups and rehearsed recovery drills performed before cutover. A unified, platform‑agnostic cyber protection approach with immutability, tightened RBAC and an off‑site copy reduces downtime, rollback risk and long‑term vendor lock‑in.

CISA Adds VMware Aria Operations RCE to KEV Catalog

⚠️ CISA has added a high‑severity VMware Aria Operations flaw, CVE-2026-22719, to its Known Exploited Vulnerabilities (KEV) catalog after reports of active exploitation; the issue is an unauthenticated command injection that can allow arbitrary command execution and potential remote code execution. Broadcom released fixes for VMware Cloud Foundation, vSphere Foundation 9.0.2.0 and Aria Operations 8.18.6, and provided a shell-script workaround (aria-ops-rce-workaround.sh) for appliance nodes. Public details of in‑the‑wild exploitation and attribution remain scarce. Federal civilian agencies must apply the fixes by March 24, 2026.

CISA Flags VMware Aria Operations RCE as Exploited

🚨 CISA has added a VMware Aria Operations command injection flaw (CVE-2026-22719) to its Known Exploited Vulnerabilities catalog and is treating the issue as exploited in attacks. Broadcom says it is aware of reports of exploitation but cannot independently confirm them. VMware released patches on February 24 and provided a temporary workaround script (aria-ops-rce-workaround.sh) that disables vulnerable migration components; administrators should apply the updates or the workaround immediately.

VMware patches Aria Operations command injection flaw

🔒 Recent patches from VMware address several high- and medium-risk vulnerabilities in Aria Operations, Cloud Foundation, and Telco Cloud products. The most serious, CVE-2026-22719, is an unauthenticated command injection that could lead to remote code execution but requires support-assisted product migration to be exploitable, so it is rated high rather than critical. Broadcom recommends upgrading to Aria Operations 8.18.6 and applying corresponding updates for VMware Cloud Foundation and Telco Cloud components to mitigate these issues.

CISA: VMware ESXi Flaw Now Used in Ransomware Attacks

🔒 CISA confirmed ransomware gangs are exploiting a high-severity VMware ESXi sandbox escape (CVE-2025-22225) patched by Broadcom in March 2025 alongside related fixes. The vulnerability permits an attacker with privileges in the VMX process to trigger an arbitrary kernel write and escape the virtual machine sandbox. Organizations are urged to apply vendor mitigations, follow BOD 22-01 guidance for cloud services, or discontinue affected products if mitigations are unavailable.

CISA Adds Actively Exploited VMware vCenter Flaw; Patch Urged

⚠️ CISA has added CVE-2024-37079, a critical heap overflow in Broadcom VMware vCenter's DCE/RPC implementation, to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The flaw (CVSS 9.8) can enable remote code execution via a crafted network packet; Broadcom released fixes in June 2024 alongside CVE-2024-37080, with related patches issued in September 2024. Broadcom confirms in‑the‑wild abuse, and Federal civilian agencies must update to the latest vCenter release by February 13, 2026.

CISA Adds VMware vCenter CVE to KEV Catalog January 2026

⚠️ CISA has added CVE-2024-37079, an out-of-bounds write in VMware vCenter Server (Broadcom), to the Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. This class of memory-corruption flaw is a common attacker vector and poses significant risk to the federal enterprise. Under BOD 22-01, FCEB agencies must remediate cataloged vulnerabilities by the required due date; CISA urges all organizations to prioritize timely remediation and to reduce exposure to active threats.

High-severity Broadcom WiFi bug enables 5GHz DoS risk

⚠️ Researchers at Black Duck's Cybersecurity Research Center found a high-severity flaw in Broadcom WiFi chipset software that lets an unauthenticated attacker within radio range disable all clients on the 5 GHz band by sending a single crafted 802.11 frame. The behavior was observed while testing ASUS routers but was traced to Broadcom's chipset code rather than router firmware. Broadcom issued a patched software build to customers and ASUS released firmware updates, although a comprehensive list of affected devices has not been published. Recommended mitigations include segmenting wireless networks, auditing legacy access points, and prioritizing firmware updates based on business criticality.

Chinese-linked actors exploit VMware ESXi via SonicWall VPN

🔍 Huntress says Chinese-speaking threat actors used a compromised SonicWall VPN appliance in December 2025 to deploy a multi-stage exploit against VMware ESXi, leveraging three zero-day vulnerabilities disclosed by Broadcom in March 2025 (CVE-2025-22224/22225/22226). The toolkit includes an orchestrator dubbed MAESTRO, an unsigned kernel driver loaded via KDU, and a VSOCK-based ELF backdoor called VSOCKpuppet. The attack chain enabled VM-to-hypervisor escapes, remote control of ESXi hosts over VSOCK port 10000, and file transfer capabilities from guest VMs, all of which were halted by Huntress before a suspected ransomware stage could complete.

CISA Flags VMware Tools Zero-Day in KEV Catalog; Exploited

🛡️ CISA has added the high-severity flaw CVE-2025-41244, impacting Broadcom VMware Tools and VMware Aria Operations, to its Known Exploited Vulnerabilities catalog after reports of active exploitation. The bug (CVSS 7.8) allows a malicious local, non-administrative user with VM access and SDMP enabled to escalate privileges to root on the same VM. Broadcom-owned VMware released a patch last month, but NVISO Labs says the zero-day has been exploited in the wild since mid-October 2024 and attributes the activity to a China-linked actor tracked as UNC5174. Federal civilian agencies must implement mitigations by November 20, 2025.

CISA orders federal patch for VMware Tools privilege bug

⚠️ CISA has ordered Federal Civilian Executive Branch agencies to remediate a high-severity vulnerability in Broadcom's VMware Aria Operations and VMware Tools (CVE-2025-41244), patched by Broadcom in October 2024. The flaw enables a local, non-administrative user on a VM to escalate privileges to root when Aria Operations’ SDMP is enabled or when VMware Tools runs in credential-less mode. Agencies must patch within three weeks under BOD 22-01; CISA also urges all organizations to prioritize mitigations or discontinue affected products if no fix is available.

CISA Adds Two CVEs to Known Exploited Vulnerabilities

🔔 CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-24893 (XWiki Platform eval injection) and CVE-2025-41244 (Broadcom VMware Aria Operations and VMware Tools privilege-defined unsafe actions). Evidence indicates active exploitation and substantial risk to the federal enterprise. Under BOD 22-01, affected FCEB agencies must remediate by required due dates. CISA urges all organizations to prioritize timely remediation as part of routine vulnerability management.

Broadcom Patches VMware NSX and vCenter Vulnerabilities

🔒 Broadcom has released security updates for VMware vCenter and NSX addressing multiple high-severity vulnerabilities, including CVE-2025-41250, CVE-2025-41251 and CVE-2025-41252. The most serious, an SMTP header injection in vCenter (CVSSv3 8.5), allows non-administrative users to tamper with scheduled email notifications and has no available workaround. Two NSX flaws permit unauthenticated username enumeration, which can facilitate brute-force or credential-stuffing attacks. Administrators are urged to apply the fixed versions immediately.

Chinese Hackers Exploited VMware Zero-Day Since Oct 2024

🔒 Broadcom issued patches for a high-severity privilege escalation vulnerability in VMware Aria Operations and VMware Tools that has been actively exploited since October 2024. European firm NVISO linked the in-the-wild abuse to the China-aligned group UNC5174 and published a proof-of-concept for CVE-2025-41244. The flaw allows an unprivileged local attacker to stage a malicious binary (commonly in /tmp/httpd), have it discovered by VMware service discovery, and escalate to root-level execution on vulnerable VMs.

Broadcom Patches VMware NSX Username-Enumeration Flaws

🔒 Broadcom released updates addressing two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency (NSA). The flaws (CVE-2025-41251 and CVE-2025-41252) permit unauthenticated attackers to enumerate valid usernames via a weak password-recovery flow and a separate enumeration vector, which could be used to support brute-force or unauthorized login attempts. Administrators should apply the vendor patches immediately and verify recovery workflows and logging.

China-linked UNC5174 exploiting VMware Tools zero-day

⚠️ NVISO Labs says China-linked UNC5174 has been exploiting a newly patched local privilege escalation bug, CVE-2025-41244, in Broadcom VMware Tools and VMware Aria Operations since mid-October 2024. The vulnerability (CVSS 7.8) stems from a vulnerable get_version() regex that can match non-system binaries in writable directories (for example, /tmp/httpd) and cause metrics collection to execute them with elevated privileges. VMware and Broadcom have released fixes and mitigations; affected organizations should apply vendor patches and follow VMware's guidance, and Linux distributions will receive patched open-vm-tools packages from vendors.

Broadcom VCF Licensing Change Affects VMware Engine

🔔 Broadcom is changing its VMware Cloud Foundation (VCF) licensing for hyperscalers to an exclusive bring-your-own subscription model effective November 1, 2025. For Google Cloud VMware Engine (GCVE) customers this means future clusters will require purchasing portable VCF subscriptions directly from Broadcom and using GCVE’s existing BYOL option. Google introduced a BYOL path for GCVE in 2024 and notes the managed service itself remains unchanged. Transition rules and timing differ for committed use discounts and on-demand nodes, so customers should review their commitments.

Kali Linux 2025.3: 10 New Tools, Nexmon & NetHunter

🔧 Kali Linux 2025.3 delivers ten new tools and expanded Wi-Fi and NetHunter capabilities. Notable additions include Caido (client and server), Detect It Easy, Gemini CLI, krbrelayx, ligolo-mp, and vwifi-dkms for dummy Wi‑Fi networks. Nexmon support is restored for Broadcom/Cypress chips and Raspberry Pi devices, while NetHunter gains Samsung S10 support and CARsenal updates. Users can upgrade via the Kali rolling repository or download the new ISOs.