| Metric | Value |
|---|---|
| CVEs | 57 |
| Critical | 2 |
| High | 30 |
| KEV | 5 |
| PoC | 2 |
| Unpatched Critical/High | 26 |
| Patch Rate | 22.8% |
| Avg EPSS | 1.6% |
Severity Breakdown
| Severity | Count |
|---|---|
| CRITICAL | 2 |
| HIGH | 30 |
| MEDIUM | 23 |
| LOW | 1 |
Monthly CVE Trend (chart not reproduced)
Affected Products (30)
| Product | CVEs |
|---|---|
| Cloud Foundation | 17 |
| Telco Cloud Platform | 11 |
| Telco Cloud Infrastructure | 10 |
| Aria Operations | 5 |
| Aria Operations for Logs | 4 |
| Windows | 4 |
| ESXi | 3 |
| Linux Kernel | 3 |
| VMware NSX | 3 |
| Workstation | 2 |
| Ubuntu | 2 |
| FastConnect 7800 Firmware | 1 |
| Cloud Foundation Operations | 1 |
| Fusion | 1 |
| FastConnect 6900 Firmware | 1 |
| QAM8650P Firmware | 1 |
| FastConnect 6800 Firmware | 1 |
| Aria Automation | 1 |
| QAM8295P Firmware | 1 |
| FastConnect 6700 Firmware | 1 |
| QAM8255P Firmware | 1 |
| QAM8620P Firmware | 1 |
| Open VM Tools | 1 |
| QAM8775P Firmware | 1 |
| QAMSRV1H Firmware | 1 |
| QAMSRV1M Firmware | 1 |
| QCA6174A Firmware | 1 |
| QCA6310 Firmware | 1 |
| QCA6335 Firmware | 1 |
| FastConnect 6200 Firmware | 1 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-22224 | VMware ESXi and Workstation contain a TOCTOU race condition leading to an out-of-bounds write, allowing local administrators on VMs to escape the sandbox and execute code as the VMX process on the host. | CRITICAL | 9.3 | 52.7% | 149 | KEV, No patch |
| CVE-2025-22225 | VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes, enabling escape from the VMX sandbox to the ESXi kernel. | HIGH | 8.2 | 7.9% | 99 | KEV, No patch |
| CVE-2026-22719 | VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated remote attackers to execute arbitrary commands during support-assisted product migration. KEV-listed with patches available, this vulnerability targets the infrastructure monitoring platform that has visibility into the entire virtualized environment. | HIGH | 8.1 | 7.4% | 98 | KEV |
| CVE-2025-22226 | VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via an HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host. | HIGH | 7.1 | 6.8% | 92 | KEV, No patch |
| CVE-2025-41228 | VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available and no vendor patch is available. | MEDIUM | 4.3 | 6.0% | 48 | PoC, No patch |
| CVE-2026-20794 | Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an | CRITICAL | 9.3 | 0.0% | 47 | No patch |
| CVE-2025-41225 | The vCenter Server contains an authenticated command-execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability has low attack complexity. No vendor patch available. | HIGH | 8.8 | 0.1% | 44 | No patch |
| CVE-2025-62623 | A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting | HIGH | 8.8 | 0.0% | 44 | No patch |
| CVE-2025-62624 | A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting | HIGH | 8.8 | 0.0% | 44 | No patch |
| CVE-2025-37101 | A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited to allow an attacker with read-only privilege to perform vertical privilege escalation (an operator can perform admin actions). | HIGH | 8.7 | 0.1% | 44 | |
| CVE-2026-20751 | Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow | HIGH | 8.3 | 0.0% | 42 | No patch |
| CVE-2026-20879 | Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow | HIGH | 8.3 | 0.0% | 42 | No patch |
| CVE-2025-27147 | The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMware ESX host remote inventory, and data collection. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available. | HIGH | 8.2 | 0.2% | 41 | No patch |
| CVE-2025-22249 | VMware Aria Automation contains a DOM-based Cross-Site Scripting (XSS) vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable with no authentication required and low attack complexity. | HIGH | 8.2 | 0.2% | 41 | |
| CVE-2026-22720 | Stored XSS in VMware Aria Operations allows authenticated users with benchmark creation privileges to inject malicious scripts and execute arbitrary administrative actions within the platform. This vulnerability affects VMware, Broadcom, and Telco Cloud Infrastructure products with a CVSS score of 8.0, and requires user interaction to trigger the attack. Patches are available through VMSA-2026-0001. | HIGH | 8.0 | 0.1% | 40 | |