Broadcom released security updates addressing two high-severity VMware NSX vulnerabilities reported by the NSA, which could allow unauthenticated attackers to enumerate usernames and perform brute-force attacks. Multiple VMware products continue to be targeted by threat actors, including state-sponsored hackers exploiting zero-day flaws for cyber espionage and data theft.
Key points
- Broadcom patched high-severity vulnerabilities in VMware NSX based on NSA reports.
- The vulnerabilities include CVE-2025-41251 and CVE-2025-41252, both of which allow username enumeration.
- Additional patches were released for VMware vCenter, Aria Operations, and VMware Tools addressing multiple security flaws.
- These vulnerabilities have been exploited by state-sponsored hackers and cybercriminal groups in the past.
- Previous VMware zero-day exploits were disclosed during the Pwn2Own Berlin 2025 hacking contest, highlighting ongoing threats.