Code Defence Cyber security

Critical VMware vCenter RCE (CVE-2025-7722) Exploited in Wild

Broadcom (VMware) has released an emergency patch for a critical Remote Code Execution (RCE) vulnerability (CVE-2025-7722, CVSS 9.8) in vCenter Server. The flaw, located in the DCE/RPC protocol implementation, allows unauthenticated attackers to send a specially crafted network packet to execute arbitrary code and take full control of the virtualized environment.

Business Impact

vCenter is the “crown jewel” of the data center. Compromise here gives attackers unrestricted command over all virtual machines, storage, and networking. Attackers are actively scanning for exposed vCenter servers so they can deploy ransomware encryptors directly at the hypervisor level.

Why It Happened

The vulnerability is a heap overflow in the way vCenter handles certain RPC requests. Despite previous warnings to isolate management interfaces, thousands of vCenter servers remain exposed to the public internet, making them easy targets.

Recommended Executive Action

This is a “drop everything” priority. Patch vCenter immediately. If patching is not possible within the hour, verify that the vCenter management interface is completely blocked from the internet and restricted to a secure management VPN.
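One way to carry out the verification step above is to audit exported firewall allow rules for any path to vCenter that does not originate in the management VPN. This is an added example, not part of the original advisory or any vendor tooling; the rule format, names and every address in it are constructed assumptions, and because the advisory lists no ports the check is port-agnostic.

```python
import ipaddress

# Constructed sample data (assumptions, not from the advisory).
MGMT_VPN = [ipaddress.ip_network("10.99.0.0/24")]   # management VPN address pool
VCENTERS = [ipaddress.ip_address("10.20.0.10")]     # vCenter management interface
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Flattened firewall ALLOW rules: (rule name, source CIDR, destination CIDR).
RULES = [
    ("vpn-to-vcenter",  "10.99.0.0/24",  "10.20.0.10/32"),
    ("legacy-any-mgmt", "0.0.0.0/0",     "10.20.0.0/24"),
    ("helpdesk-subnet", "10.50.0.0/16",  "10.20.0.10/32"),
    ("vpn-admin-host",  "10.99.0.17/32", "10.20.0.0/24"),
    ("web-dmz",         "0.0.0.0/0",     "10.30.0.0/24"),
]

def audit(rules, vcenters, mgmt_nets):
    """Return (rule, finding) for allow rules that reach vCenter from outside mgmt_nets."""
    findings = []
    for name, src, dst in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # Only rules whose destination range covers a vCenter address matter.
        if not any(vc in dst_net for vc in vcenters):
            continue
        # Acceptable only if the whole source range sits inside the management VPN.
        if any(src_net.subnet_of(m) for m in mgmt_nets):
            continue
        # Sources not fully inside private space include public addresses.
        internal = any(src_net.subnet_of(p) for p in RFC1918)
        findings.append((name, "internal-overbroad" if internal else "internet-exposed"))
    return findings

if __name__ == "__main__":
    for rule, finding in audit(RULES, VCENTERS, MGMT_VPN):
        print(f"{finding:20} {rule}")
```

Rules flagged as internet-exposed are the ones to close first; internal-overbroad rules still leave vCenter reachable from hosts outside the management VPN.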

Hashtags: #VMware #vCenter #ZeroDay #RCE #Virtualization #Ransomware #PatchNow #InfoSec
