The National Computer Emergency Response Team (NCERT) has issued a critical cybersecurity advisory warning organizations of multiple high-severity vulnerabilities affecting several VMware products widely used across enterprise, telecom, and cloud networks.

According to the latest bulletin, the flaws impact VMware Aria Operations, VMware Tools, VMware Cloud Foundation, VMware Telco Cloud Infrastructure, and VMware NSX — core components that power virtualized data centers and cloud computing environments.

High-Severity Security Vulnerabilities Identified

The vulnerabilities, tracked as CVE-2025-41244 and CVE-2025-41246, have received CVSS severity scores between 7.6 and 7.8, categorizing them as high risk.

According to NCERT, successful exploitation of these flaws could allow remote attackers to escalate privileges, bypass authorization controls, and potentially execute arbitrary code on affected systems. Such attacks could lead to full system compromise, allowing hackers to control administrative privileges and access sensitive enterprise data.

The agency warned that if left unpatched, these vulnerabilities could expose critical telecom and cloud infrastructure to large-scale cyberattacks, potentially disrupting essential services.

Products and Versions at Risk

While VMware has not yet disclosed complete technical details to prevent exploitation, preliminary information confirms that VMware Aria Operations 8.x, VMware Tools 12.x, and VMware Cloud Foundation 5.x are among the affected versions.

VMware engineers are actively working on security updates to patch the vulnerabilities. Until official fixes are released, NCERT recommends organizations take immediate precautionary steps to mitigate risk.

Mitigation and Security Recommendations

The NCERT advisory outlines key measures for system administrators and IT security teams:

• Apply the latest VMware patches as soon as they become available.
• Restrict remote access to VMware management consoles and interfaces.
• Use network segmentation to isolate critical VMware infrastructure from the public internet.
• Monitor system logs for unusual authentication attempts or privilege escalation activities.
• Regularly back up configurations and store backups offline.

The agency also advised organizations to review their incident response frameworks and ensure that system access controls and multi-factor authentication (MFA) are fully enforced.

Wider Security Implications

These warnings come at a time when enterprise virtualization platforms have become prime targets for cybercriminals. VMware systems, often running mission-critical workloads, offer attackers a single point of entry to access entire network environments.

Experts believe that exploitation of these flaws could be used in ransomware campaigns or espionage operations, especially against telecom and defense sectors relying heavily on VMware’s cloud infrastructure.

Administrators are urged to stay alert for VMware’s upcoming security bulletin, which will provide patch timelines and verification steps.

For now, NCERT’s advisory underscores the urgency of proactive system monitoring and patch management to defend against potential breaches.