Week 21 – Multiple high-severity vulnerabilities in VMware Cloud Foundation

19 – 15 May 2025
Multiple high-severity vulnerabilities were responsibly disclosed in VCF by Gustavo Bonito of the NATO Cyber Security Centre. From among these, our #CVEOfTheWeek is CVE-2025-41229. This is a directory traversal vulnerability: a malicious actor with network access to port 443 might be able to exploit it, potentially gaining access to restricted internal services.
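Because the advisory describes the flaw as directory traversal reachable over port 443, the first thing a defender usually wants is a way to spot traversal attempts in the HTTPS access logs of the management interface. The script below is an added example and is not part of the original post or of any VMware tooling. It parses constructed sample log lines in the common combined format, percent-decodes each request target repeatedly (so double-encoded payloads such as `%252e%252e` are not missed), normalises backslashes, and flags any request whose decoded path contains a `..` segment. The log lines, IP addresses and paths are all made up for the example.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (combined log format); none come from a real system.
SAMPLE_LOG = """\
10.0.0.5 - - [19/May/2025:10:01:02 +0000] "GET /ui/index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [19/May/2025:10:01:05 +0000] "GET /ui/../../etc/passwd HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [19/May/2025:10:01:06 +0000] "GET /ui/%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.9 - - [19/May/2025:10:01:09 +0000] "GET /api/%252e%252e/internal/ HTTP/1.1" 200 87 "-" "python-requests/2.31"
10.0.0.8 - - [19/May/2025:10:02:00 +0000] "GET /static/app..js HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

# Minimal combined-log-format parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def fully_decode(value, max_rounds=3):
    """Percent-decode until the string stops changing, so that
    %252e%252e -> %2e%2e -> .. is caught. A round limit avoids pathological input."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(target):
    """True if the decoded request path contains a '..' path segment.
    'app..js' is a single segment and is deliberately NOT flagged."""
    path = urlsplit(target).path          # drop ?query and #fragment
    decoded = fully_decode(path).replace("\\", "/")
    return any(segment == ".." for segment in decoded.split("/"))


def scan_log(text):
    """Return one finding per log line whose request target looks like a traversal attempt.
    The status code is kept so an analyst can prioritise: a 2xx on a traversal
    path is far more worrying than a 404."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not has_traversal(m["target"]):
            continue
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "target": m["target"],
            "status": int(m["status"]),
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']}  {f['ip']:<15} {f['status']}  {f['target']}")
```

Running it prints the three constructed traversal attempts (two plain or single-encoded, one double-encoded) and skips both benign lines. Feed it the real access log of the management endpoint and correlate hits with the "Restrict Access to Management Services" guidance below: a traversal attempt from a source outside the trusted management subnet is a strong signal on its own.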
VMware Cloud Foundation (VCF) is an integrated software platform developed by VMware that provides a complete solution for managing and operating a hybrid cloud infrastructure. It combines VMware’s compute, storage, networking, and cloud management services into a single automated platform.
VMware has stressed that there are no available workarounds for these vulnerabilities, making patching the sole effective method of mitigation.
Administrators using VMware Cloud Foundation 5.x are strongly advised to upgrade immediately to version 5.2.1.2.
For organizations running VMware Cloud Foundation 4.5.x, the recommended course of action is to follow the instructions outlined in knowledge base article KB398008.
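Since patching is the only mitigation named above, the practical first step is to sort an inventory of VCF instances into those that need the 5.2.1.2 upgrade, those on 4.5.x that need the KB398008 procedure, and those the summary does not cover. The helper below is an added example, not code from the original post or from VMware. It assumes that VCF version strings compare component-wise as dotted integers, with shorter strings padded with zeros, and that a 5.x install at or above 5.2.1.2 already has the fix; the host names and versions in `INVENTORY` are constructed.

```python
FIXED_5X = (5, 2, 1, 2)          # fixed release named in the advisory summary
ACTION_UPGRADE = "upgrade to 5.2.1.2"
ACTION_KB = "follow KB398008"
ACTION_OK = "already at or above 5.2.1.2"
ACTION_UNKNOWN = "not covered by this summary; consult the official advisory"

# Constructed inventory for the example; not real hosts.
INVENTORY = {
    "vcf-prod-01": "5.2.1.1",
    "vcf-prod-02": "5.2.1.2",
    "vcf-lab-01": "5.1",
    "vcf-legacy-01": "4.5.2.0",
    "vcf-legacy-02": "4.4.1",
}


def parse_version(text):
    """Turn '5.2.1' into (5, 2, 1, 0). Comparing tuples of ints avoids the classic
    string-comparison mistake where '5.10' sorts before '5.9'."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) > 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return parts + (0,) * (4 - len(parts))


def remediation_for(version_text):
    """Map one VCF version string to the action the advisory summary implies.
    Assumption: 5.x at or above 5.2.1.2 is fixed; 4.5.x follows the KB article."""
    version = parse_version(version_text)
    if version[0] == 5:
        return ACTION_UPGRADE if version < FIXED_5X else ACTION_OK
    if version[:2] == (4, 5):
        return ACTION_KB
    return ACTION_UNKNOWN


def triage(inventory):
    """Group hosts by required action so the patch plan can be read off directly."""
    plan = {}
    for host, version_text in inventory.items():
        plan.setdefault(remediation_for(version_text), []).append(host)
    return plan


if __name__ == "__main__":
    for action, hosts in triage(INVENTORY).items():
        print(f"{action}: {', '.join(sorted(hosts))}")
```

The grouping makes the outstanding work obvious at a glance, and the explicit "not covered" bucket stops hosts on other branches from being silently assumed safe.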
Blackpoint has published further guidance that can strengthen infrastructure resilience:
Isolate Management Interfaces
Place ESXi and vCenter servers on a dedicated management VLAN. Avoid exposing them to the internet unless absolutely necessary.
Restrict Access to Management Services
Limit access to management interfaces to trusted IP addresses or subnets. Where feasible, block outbound internet access from hosts.
Harden Authentication and Access Controls
Use strong, unique credentials for all accounts. Disable SSH unless it is actively required.
Minimize Attack Surface
Disable any unused services and protocols—such as CIM, SNMP, SSH, or Web UI—to reduce potential entry points.
Secure and Test Backups
Store backups offline or in immutable object storage. Regularly test backup restoration processes to ensure reliability during an incident.
Official advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733
Further information on the CVE Trio: https://cybersecuritynews.com/vmware-cloud-foundation-vulnerability/y/

White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect its deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.