The cyber security team at broadom has acrossed
On March 16, Nguyen Hoang THACH, A Security Researcher from Star Labs, successfully exploated vmware esxi. “This is the first time vmore esxi was exploited in the pwn2own hacking event,” Praveen Singh and Monty Ijzerman, from the Product Security and Incident Response Team in the VMWARE Cloud Festival Broadcom, Wrote on the Company's website,
This is something that has not been achieved before, according to a Linkedin post by bob carverCEO of Cybersecurity Boardroom.
“This was the first time in pwn2own's history, stretching back to 2007, that the hypervisor has been successfully exploited,” he wrote, adding that that the hacker was free Exploit.
Singh and ijzerman also noted that on 17 March, Corentin Bayet, Chief Technology Officer of Reverse Tactics, Successfully explored Esxi by Chaining Two Vulnerability. According to singh and ijzerman, one of the vulnerabilites used in the exploit was already known.
The third successful attack, also on 17 March, was run by thomas bouzer and etiienne helluy-lafont, security experts from synacktiv, who managed to successfully excl Workstation.
Singh and ijzerman said the team at broadom was actively working on the remedies. “We plan to publish a vmware security to provide information on updates for the affected products,” They said.
While broadom has so far committed to providing patches for zero-day exploits, its current strategy to Move Customers ONTO VMWARE Cloud Foundation subscription bundles May leave some vmware users with gaps in their security, especially if their support Contract is up for renewal.
As computer weekly reported earlier this month, Broadcom Informed Customers IT no longer renew support contracts for VMWARECTS PURCATES perpetual license basis And that support would only continue for that that moved to a vmware subscription.
On 12 May, broadcom issited a critical security Advisory, Cve-2025-22249, which affects the aria toolset. The cybersecurity center for belgium said that given the vulnerability requires user interaction, it could be explined through a phishing at a phishing atark if a vmware admin click
“If the user is logged in to their vmware aria automation account, the threat actor even full control of their account and performance any actions the rights the rights to perform. Impact to the confidentiality and low impact to the integrity of the affected systems, “it warned, urging vmware users to” Patch immediatily “.
Broadcom has issued patches for vmware aria automation 8.18.x and version 5.x and 4.x of vmware cloud foundation, but it has not provided any workerounds, which means the users Running an Older Version of the tool Remain at Risk.
There a number a number of reports that many vmware customers have been sent cease-desist emails from broadcom Regarding Their Perpetual VMWARE LICENSES, Whoch Demand Removal of Patches and Bug Fixes Installed.
While Details of the successful exploits of the vmware hypervisor have couple to be published, the patches are not yet available, and questions remain as to how widely there will be fixed.