Recent Posts
Week 21 – Multiple high-severity vulnerabilities in VMware Cloud Foundation

19 – 15 May 2025
Multiple high-severity vulnerabilities in VCF were responsibly disclosed by Gustavo Bonito of the NATO Cyber Security Centre. Among these, our #CVEOfTheWeek is CVE-2025-41229, a directory traversal vulnerability that might allow a malicious actor with network access to port 443 to gain access to restricted internal services.
VMware Cloud Foundation (VCF) is an integrated software platform developed by VMware that provides a complete solution for managing and operating a hybrid cloud infrastructure. It combines VMware’s compute, storage, networking, and cloud management services into a single automated platform.
VMware has stressed that there are no available workarounds for these vulnerabilities, making patching the sole effective method of mitigation.
Administrators using VMware Cloud Foundation 5.x are strongly advised to upgrade immediately to version 5.2.1.2.
For organizations running VMware Cloud Foundation 4.5.x, the recommended course of action is to follow the instructions outlined in knowledge base article KB398008.
Blackpoint created a list with further guidance that could strengthen our infrastructure resiliency:
Isolate Management Interfaces: Place ESXi and vCenter servers on a dedicated management VLAN. Avoid exposing them to the internet unless absolutely necessary.
Restrict Access to Management Services: Limit access to management interfaces to trusted IP addresses or subnets. Where feasible, block outbound internet access from hosts.
Harden Authentication and Access Controls: Use strong, unique credentials for all accounts. Disable SSH unless it is actively required.
Minimize Attack Surface: Disable any unused services and protocols—such as CIM, SNMP, SSH, or Web UI—to reduce potential entry points.
Secure and Test Backups: Store backups offline or in immutable object storage. Regularly test backup restoration processes to ensure reliability during an incident.
Official advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733
Further information on the CVE Trio: https://cybersecuritynews.com/vmware-cloud-foundation-vulnerability/y/

White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect its deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.
Welcome New Member – Sapann Talwar from Australia

Please welcome our newest member from Australia, Sapann Talwar.
Sapann is a seasoned Cybersecurity and Risk management practitioner with 26+ years of industry experience. He specializes in safeguarding ‘Data’ against evolving cyber threats and has a strong track record in developing and executing security strategies for global MNCs across diverse sectors, including BFSI, Manufacturing, IT, and Software Development.
Throughout his career, Sapann has led the design and implementation of resilient cybersecurity programs, aligning robust security architectures with business growth and innovation objectives. His expertise spans IT and OT environments, focusing on risk mitigation, threat monitoring, and disaster recovery.
Renowned for driving measurable outcomes and cultivating strategic alliances as a CXO advisor, Sapann is adept at leading high-performing, cross-functional teams. His leadership ensures smooth security operations, proactive risk management, adherence to industry standards, and regulatory compliance. Committed to fostering a secure and resilient digital environment, Sapann continues to champion forward-looking cybersecurity strategies that enable enterprise-wide value creation.
It’s good to have you, Sapann! We look forward to the expertise you bring and enabling you here at CyAN. Don’t hesitate to reach out or explore Sapann’s profile to grow your networks mutually.
“What Happens to Heroes?” – Episode #5: The Unsung Heroes of the Digital World
The Psychological Impacts of Cyberattacks
This is the fifth episode in our ongoing series about the individuals who, in a matter of moments, transition from employees to rescuers in the aftermath of a destructive cyberattack. These are what I call the “Heroes.” Let’s Rewrite the …