| Metric | Value |
|---|---|
| CVEs | 51 |
| Critical | 1 |
| High | 24 |
| KEV | 5 |
| PoC | 2 |
| Unpatched C/H | 21 |
| Patch Rate | 21.6% |
| Avg EPSS | 1.7% |
Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 1 |
| HIGH | 24 |
| MEDIUM | 23 |
| LOW | 1 |
Monthly CVE Trend
Affected Products (30)

| Product | CVEs |
|---|---|
| Cloud Foundation | 17 |
| Telco Cloud Platform | 11 |
| Telco Cloud Infrastructure | 10 |
| Aria Operations | 5 |
| Linux Kernel | 5 |
| Aria Operations For Logs | 4 |
| Memory Corruption | 4 |
| Windows | 4 |
| Vmware Nsx | 3 |
| Command Injection | 3 |
| Esxi | 3 |
| Workstation | 2 |
| Ubuntu | 2 |
| Qca6564au Firmware | 1 |
| Qca6584au Firmware | 1 |
| Wcd9395 Firmware | 1 |
| Debian Linux | 1 |
| Sa6155p Firmware | 1 |
| Qcm4490 Firmware | 1 |
| Wcd9326 Firmware | 1 |
| Use After Free | 1 |
| Wcn3980 Firmware | 1 |
| Qca6335 Firmware | 1 |
| Wsa8840 Firmware | 1 |
| Snapdragon Auto 5g Modem Rf Gen 2 Firmware | 1 |
| Sm7325p Firmware | 1 |
| Sm4635 Firmware | 1 |
| Sd865 5g Firmware | 1 |
| Wsa8845 Firmware | 1 |
| Sm7250p Firmware | 1 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-22224 | VMware ESXi and Workstation contain a TOCTOU race condition leading to an out-of-bounds write, allowing local administrators on VMs to escape the sandbox and execute code as the VMX process on the host. | CRITICAL | 9.3 | 52.7% | 149 | KEV, No patch |
| CVE-2025-22225 | VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes, enabling escape from the VMX sandbox to the ESXi kernel. | HIGH | 8.2 | 7.9% | 99 | KEV, No patch |
| CVE-2026-22719 | VMware Aria Operations contains a command injection vulnerability (CVSS 8.1) that allows unauthenticated remote attackers to execute arbitrary commands during support-assisted product migration. KEV-listed with patches available, it affects the infrastructure monitoring platform that has visibility into the entire virtualized environment. | HIGH | 8.1 | 7.4% | 98 | KEV |
| CVE-2025-22226 | VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via an HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host. | HIGH | 7.1 | 6.8% | 92 | KEV, No patch |
| CVE-2025-41228 | VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. Rated medium severity (CVSS 4.3), it is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available and no vendor patch is available. | MEDIUM | 4.3 | 6.0% | 48 | PoC, No patch |
| CVE-2025-41225 | vCenter Server contains an authenticated command-execution vulnerability. Rated high severity (CVSS 8.8) with low attack complexity. No vendor patch available. | HIGH | 8.8 | 0.1% | 44 | No patch |
| CVE-2025-37101 | A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). It could be exploited to allow an attacker with read-only privilege to achieve vertical privilege escalation (an operator can perform admin actions). | HIGH | 8.7 | 0.1% | 44 | No patch |
| CVE-2025-27147 | The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMware ESX host remote inventory, and data collection. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available. | HIGH | 8.2 | 0.2% | 41 | No patch |
| CVE-2025-22249 | VMware Aria Automation contains a DOM-based cross-site scripting (XSS) vulnerability. Rated high severity (CVSS 8.2), it is remotely exploitable with no authentication required and low attack complexity. | HIGH | 8.2 | 0.2% | 41 | |
| CVE-2026-22720 | Stored XSS in VMware Aria Operations allows authenticated users with benchmark creation privileges to inject malicious scripts and execute arbitrary administrative actions within the platform. It affects VMware, Broadcom, and Telco Cloud Infrastructure products with a CVSS score of 8.0 and requires user interaction to trigger. Patches are available through VMSA-2026-0001. | HIGH | 8.0 | 0.1% | 40 | |
| CVE-2025-22231 | VMware Aria Operations contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8) with low attack complexity. No vendor patch available. | HIGH | 7.8 | 0.1% | 39 | No patch |
| CVE-2024-53010 | Memory corruption in Qualcomm's Virtual Machine (VM) attachment mechanism that occurs when the Host Linux OS (HLOS) retains access to a VM during attachment operations. This local privilege escalation vulnerability affects Qualcomm System-on-Chip (SoC) implementations and allows a local attacker with user-level privileges to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). It has not been reported as actively exploited in the KEV catalog, but the high CVSS score (7.8) and local attack vector indicate significant real-world risk for deployed Qualcomm-based devices. | HIGH | 7.8 | 0.0% | 39 | No patch |
| CVE-2025-22230 | VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. Rated high severity (CVSS 7.8) with low attack complexity. No vendor patch available. | HIGH | 7.8 | 0.0% | 39 | No patch |
| CVE-2025-22243 | The VMware NSX Manager UI is vulnerable to stored cross-site scripting (XSS) via improper input validation in user-controllable fields (CWE-79). An authenticated attacker with high privileges can inject malicious scripts that persist in the application and execute in the browsers of other users, potentially leading to session hijacking, credential theft, or unauthorized administrative actions. With a CVSS score of 7.5 and a network-accessible attack vector, it poses a moderate-to-high risk to NSX Manager deployments, particularly in multi-user environments. | HIGH | 7.5 | 0.0% | 38 | No patch |
| CVE-2025-22244 | VMware NSX contains a stored cross-site scripting (XSS) vulnerability in the gateway firewall due to improper input validation. | MEDIUM | 6.9 | 0.0% | 35 | No patch |