VMware vCenter Server Authenticated Command-Execution Vulnerability

Vulnerability

An authenticated command-execution vulnerability has been identified in VMware vCenter Server. A malicious actor who holds privileges to create or modify alarms and to run script actions can execute arbitrary commands on the vCenter Server.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution on the affected vCenter Server.

Remediation

To address this vulnerability, users should apply the updates available for their version of vCenter Server. Instructions for downloading the patch can be found in the VMware vCenter Server 8.0 U3e and 7.0 U3v release notes.
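As an added example (not part of the advisory or of any VMware tooling), the following script triages an inventory of vCenter release labels against the two fixed releases named above. It assumes labels are recorded in the "8.0 U3e" form and that releases within a branch order by update number and then letter suffix; the hostnames and versions in the inventory are constructed.

```python
import re

# Fixed releases named in the advisory, keyed by major.minor branch.
FIXED = {"8.0": (3, "e"), "7.0": (3, "v")}

# Matches labels such as "8.0 U3e", "7.0 U3", "8.0u2b" or "8.0" (GA, no update).
_LABEL = re.compile(r"^\s*(\d+\.\d+)\s*(?:U(\d+)([a-z]?))?\s*$", re.IGNORECASE)


def parse_release(label):
    """Return (branch, (update, letter)), or None if the label is not recognised."""
    m = _LABEL.match(label)
    if not m:
        return None
    branch, update, letter = m.groups()
    return branch, (int(update or 0), (letter or "").lower())


def triage(label):
    """Classify one release label as 'patched', 'needs-update' or 'unknown'."""
    parsed = parse_release(label)
    if parsed is None or parsed[0] not in FIXED:
        # Unparseable label, or a branch the advisory names no fix for:
        # flag it for manual review instead of guessing.
        return "unknown"
    branch, level = parsed
    # Assumption: (update, letter) tuples order releases within a branch.
    return "patched" if level >= FIXED[branch] else "needs-update"


# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY = {
    "vc-prod-01": "8.0 U3e",
    "vc-prod-02": "8.0 U3d",
    "vc-dr-01": "7.0 U3v",
    "vc-lab-01": "7.0 U3",
    "vc-lab-02": "6.7 U3",
}


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(label) for host, label in sorted(inventory.items())}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {INVENTORY[host]:10} {status}")
```

Hosts reported as "unknown" need a manual check against the release notes, since the advisory names fixes only for the 8.0 and 7.0 branches.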

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.