Security News > 2023 > January > Exploit released for critical VMware vRealize RCE vulnerability
Horizon3 security researchers have released proof-of-concept code for a VMware vRealize Log Insight vulnerability chain that allows attackers to gain remote code execution on unpatched appliances.
Earlier today, Horizon3 published the PoC exploit and explained that the RCE exploit "Abuses the various Thrift RPC endpoints to achieve an arbitrary file write."
Although there are no public reports of attacks leveraging this exploit chain and no attempts to exploit it in the wild, resourceful and motivated threat actors will likely move quickly to adopt Horizon3's RCE exploit or create their own custom versions.
Last year, Horizon3 researchers also released an exploit for CVE-2022-22972, a critical authentication bypass security flaw affecting multiple VMware products and allowing a malicious actor to gain admin privileges on unpatched instances.
Researchers to release VMware vRealize Log RCE exploit, patch now.
Exploit released for critical ManageEngine RCE bug, patch now.
News URL
Related news
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-20 | CVE-2022-22972 | Unspecified vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. | 9.8 |