{"id":10720,"date":"2025-05-21T12:51:54","date_gmt":"2025-05-21T18:51:54","guid":{"rendered":"https:\/\/beaconlab.us\/?post_type=publicacion&#038;p=10720"},"modified":"2025-05-21T12:53:47","modified_gmt":"2025-05-21T18:53:47","slug":"alerta-2025-44-falla-critica-en-vmware","status":"publish","type":"publicacion","link":"https:\/\/beaconlab.us\/es\/publicacion\/alerta-2025-44-falla-critica-en-vmware\/","title":{"rendered":"Alert 2025-44 - Critical Flaw in VMware"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Affected product(s):<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VMware ESXi 7.0 and 8.0<\/li>\n\n\n\n<li>VMware vCenter Server 7.0 and 8.0<\/li>\n\n\n\n<li>VMware Cloud Foundation<\/li>\n\n\n\n<li>VMware Workstation 17.x<\/li>\n\n\n\n<li>VMware Fusion 13.x<\/li>\n\n\n\n<li>VMware Telco Cloud Platform and Infrastructure<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Description<\/h2>\n\n\n\n<p>Broadcom has released patches to fix four security flaws found in VMware products such as <strong>ESXi, vCenter Server, Workstation Pro and Fusion<\/strong>.
These flaws can allow anything from <strong>unauthorized command execution<\/strong> to <strong>denial-of-service (DoS) attacks<\/strong> and <strong>information theft via XSS<\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CVE-2025-41225 \u2013 Arbitrary command execution in vCenter Server<\/li>\n<\/ul>\n\n\n\n<p>A privileged attacker can execute malicious commands on the vCenter server if they are able to modify alarms or run scripts.<\/p>\n\n\n\n<p>Risk: High (CVSS 8.8)<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CVE-2025-41226 \u2013 Denial of service from a virtual machine<\/li>\n<\/ul>\n\n\n\n<p>A user with guest access can cause a service outage in virtual machines using VMware Tools.<\/p>\n\n\n\n<p>Risk: Medium (CVSS 6.8)<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CVE-2025-41227 \u2013 Memory exhaustion on the ESXi host<\/li>\n<\/ul>\n\n\n\n<p>A low-privileged attacker can destabilize the host system by causing excessive memory consumption.<\/p>\n\n\n\n<p>Risk: Medium (CVSS 5.5)<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CVE-2025-41228 \u2013 Reflected XSS in vCenter\/ESXi<\/li>\n<\/ul>\n\n\n\n<p>Allows stealing cookies or redirecting users to malicious sites from the login page if input is not validated.<\/p>\n\n\n\n<p>Risk: Low (CVSS 4.3)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Solution:<\/h2>\n\n\n\n<p>Applying the updates as soon as possible is recommended to mitigate the risks.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>ESXi: 8.0 U3se-24659227 and 7.0 U3sv-24723868<\/li>\n\n\n\n<li>vCenter Server: 8.0 U3e and 7.0 U3v<\/li>\n\n\n\n<li>Workstation\/Fusion: 17.6.3 and 13.6.3<\/li>\n<\/ul>\n\n\n\n<p>The updates are available here:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a 
href=\"https:\/\/techdocs.broadcom.com\/us\/en\/vmware-cis\/vsphere\/vsphere\/8-0\/release-notes\/esxi-update-and-patch-release-notes\/vsphere-esxi-80u3e-release-notes.html\">https:\/\/techdocs.broadcom.com\/us\/en\/vmware-cis\/vsphere\/vsphere\/8-0\/release-notes\/esxi-update-and-patch-release-notes\/vsphere-esxi-80u3e-release-notes.html<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/techdocs.broadcom.com\/us\/en\/vmware-cis\/vsphere\/vsphere\/7-0\/release-notes\/esxi-update-and-patch-release-notes\/vsphere-esxi-70u3v-release-notes.html\">https:\/\/techdocs.broadcom.com\/us\/en\/vmware-cis\/vsphere\/vsphere\/7-0\/release-notes\/esxi-update-and-patch-release-notes\/vsphere-esxi-70u3v-release-notes.html<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/techdocs.broadcom.com\/us\/en\/vmware-cis\/vsphere\/vsphere\/8-0\/release-notes\/vcenter-server-update-and-patch-release-notes\/vsphere-vcenter-server-80u3e-release-notes.html\">https:\/\/techdocs.broadcom.com\/us\/en\/vmware-cis\/vsphere\/vsphere\/8-0\/release-notes\/vcenter-server-update-and-patch-release-notes\/vsphere-vcenter-server-80u3e-release-notes.html<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/techdocs.broadcom.com\/us\/en\/vmware-cis\/vsphere\/vsphere\/7-0\/release-notes\/vcenter-server-update-and-patch-releases\/vsphere-vcenter-server-70u3v-release-notes.html\">https:\/\/techdocs.broadcom.com\/us\/en\/vmware-cis\/vsphere\/vsphere\/7-0\/release-notes\/vcenter-server-update-and-patch-releases\/vsphere-vcenter-server-70u3v-release-notes.html<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Additional information:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/techdocs.broadcom.com\/us\/en\/vmware-cis\/vsphere.html\">https:\/\/techdocs.broadcom.com\/us\/en\/vmware-cis\/vsphere.html<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/blog.segu-info.com.ar\/2025\/05\/vmware-corrige-rce-dos-y-xss-en-esxi.html\">https:\/\/blog.segu-info.com.ar\/2025\/05\/vmware-corrige-rce-dos-y-xss-en-esxi.html<\/a><\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"featured_media":10721,"template":"","class_list":["post-10720","publicacion","type-publicacion","status-publish","has-post-thumbnail","hentry"],"acf":{"activar_pdf_link":false,"pdf":null,"numero_de_boletin":"","traffic_light_protocol":"Amber"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/10720","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion"}],"about":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/types\/publicacion"}],"version-history":[{"count":2,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/10720\/revisions"}],"predecessor-version":[{"id":10724,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/10720\/revisions\/10724"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/media\/10721"}],"wp:attachment":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/media?parent=10720"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}