The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered federal agencies to secure their servers within three weeks.
The flaw, tracked as CVE-2024-37079, affects vCenter Server (the VMware vSphere management platform, now owned by Broadcom, that admins use to manage ESXi hosts and virtual machines) and stems from a heap overflow in its DCERPC protocol implementation.
An attacker with network access to vCenter Server can exploit it to execute code remotely by sending a specially crafted network packet; the attack is low in complexity and requires neither privileges nor user interaction.
Broadcom has urged customers to apply the security patches immediately on the latest vCenter Server and Cloud Foundation releases, since no workarounds or mitigations are available for CVE-2024-37079.
CISA added the vulnerability to its catalog of known exploited security flaws on Friday, which requires Federal Civilian Executive Branch (FCEB) agencies to secure their systems by February 13th under Binding Operational Directive (BOD) 22-01, issued in November 2021.
FCEB agencies are the non-military executive branch bodies of the U.S. government, including the Departments of State, Justice, Energy, and Homeland Security.
CISA warned that "this type of vulnerability" is "a common attack path" for "malicious cyber actors" and poses serious risks to "the federal enterprise." Agencies are instructed to apply the vendor's mitigations, to follow the BOD 22-01 guidance for cloud services, or to discontinue use of the product if no mitigations are available.
On the same day, Broadcom updated its original advisory to confirm that it had verified CVE-2024-37079 was being exploited in real-world attacks.
The company issued the warning because its own research had turned up evidence of active exploitation.
CISA has also ordered U.S. government agencies to patch a critical security flaw (CVE-2025-41244) affecting Broadcom's VMware Aria Operations and VMware Tools, which Chinese hackers exploited in zero-day attacks beginning in October 2024.
Last year, Broadcom released security updates for two serious VMware NSX vulnerabilities (CVE-2025-41251 and CVE-2025-41252) reported by the U.S. National Security Agency (NSA), and patched three VMware zero-days (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) that Microsoft had reported as exploited in active attacks.