Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

U.S. CISA adds a flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Broadcom VMware vCenter to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Broadcom VMware vCenter Server vulnerability, tracked as CVE-2024-37079 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. vCenter Server is a centralized management platform developed […]

CISA BlueHammer (CVE-2026-33825)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Broadcom VMware vCenter to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Broadcom VMware vCenter Server vulnerability, tracked as CVE-2024-37079 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.

vCenter Server is a centralized management platform developed by VMware for managing virtualized environments.

In June 2024, VMware addressed vCenter Server vulnerabilities, tracked as CVE-2024-37079 and CVE-2024-37080, that remote attackers can exploit to achieve remote code execution or privilege escalation.

The flaws are heap-overflow issues in the implementation of the DCERPC protocol. An attacker with network access can exploit them via crafted packets, potentially achieving remote code execution.

“The vCenter Server contains multiple heap-overflow vulnerabilities in the implementation of the DCERPC protocol. VMware has evaluated the severity of these issues to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.” reads the  advisory. “A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially crafted network packet potentially leading to remote code execution.”

Customers are recommended to install the released security patches, no workarounds are available.

The vulnerabilities were reported by Hao Zheng (@zhz) and Zibo Li (@zbleet) from TianGong Team of Legendsec at Qi’anxin Group.

In an advisory update, Broadcom confirmed it is aware of attacks targeting CVE-2024-37079, however, exploitation details remain undisclosed.

“Broadcom has information to suggest that exploitation of CVE-2024-37079 has occurred in the wild.” continues the advisory.

Researchers revealed at Black Hat Asia 2025 that CVE-2024-37079 is part of four DCE/RPC flaws, three heap overflows and one privilege escalation. Two related bugs were patched in September 2024. One heap overflow can be chained with CVE-2024-38813 to gain remote root access on ESXi.

“Notably, we were able to exploit one of the heap overflow vulnerabilities in combination with the privilege escalation vulnerability to achieve unauthorized remote root access, successfully completing the Matrix Cup 2024 vulnerability challenge.” wrote the researchers. “In this presentation, we will begin by providing a detailed overview of the DCERPC protocol and the four vulnerabilities we uncovered in its implementation within vCenter Server, which have been assigned CVE numbers CVE-2024-37079, CVE-2024-37080, CVE-2024-38812, and CVE-2024-38813. “

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerability by February 13, 2026.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)