The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HVMware Cloud Foundation
APPVmware4.0 – 5.2 (bez)VMware Vcenter Server
APPVmware7.08.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
Related vulnerabilities
CVE-2025-22224CRITICAL9.3⚠ KEVPL ✓ten sam produkt
VMware ESXi/Workstation: TOCTOU umożliwia ucieczkę z VM przez VMX process
CVE-2024-38812CRITICAL9.8⚠ KEVPL ✓ten sam produkt
VMware vCenter Server — heap-overflow w DCERPC umożliwia RCE
CVE-2024-37079CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Heap overflow w VMware vCenter Server via protokół DCERPC — RCE
CVE-2023-34048CRITICAL9.8⚠ KEVten sam produkt
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A m...
CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...