U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

VMware fixed a code execution flaw in Fusion hypervisor

VMware released a patch to address a high-severity code execution flaw in its Fusion hypervisor, users are urged to apply it. VMware addressed a high-severity code execution vulnerability, tracked as CVE-2024-38811 (CVSS 8.8/10), in its Fusion hypervisor. The vulnerability is due to the usage of an insecure environment variable, a threat actor with standard user privileges can […]

VMware Fusion Pwn2Own Berlin 2025

VMware released a patch to address a high-severity code execution flaw in its Fusion hypervisor, users are urged to apply it.

VMware addressed a high-severity code execution vulnerability, tracked as CVE-2024-38811 (CVSS 8.8/10), in its Fusion hypervisor.

The vulnerability is due to the usage of an insecure environment variable, a threat actor with standard user privileges can trigger the flaw to execute code in the context of the Fusion application.

“VMware Fusion contains a code-execution vulnerability due to the usage of an insecure environment variable.” reads the advisory published by the virtualization giant. “A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.”

The vulnerability affects VMware Fusion versions 13.x, the company addressed the issue with the version 13.6.

According to the advisory, there are no workarounds available for the vulnerability. It is not clear if the company is aware of attacks in the wild that exploited the flaw.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, VMware Fusion)