Exploit released for critical VMware vRealize RCE vulnerability

Security News, January 2023

Horizon3 security researchers have released proof-of-concept code for a VMware vRealize Log Insight vulnerability chain that allows attackers to gain remote code execution on unpatched appliances.
Earlier today, Horizon3 published the PoC exploit and explained that the RCE exploit "Abuses the various Thrift RPC endpoints to achieve an arbitrary file write."
Although there are no public reports of attacks leveraging this exploit chain and no attempts to exploit it in the wild, resourceful and motivated threat actors will likely move quickly to adopt Horizon3's RCE exploit or create their own custom versions.
Last year, Horizon3 researchers also released an exploit for CVE-2022-22972, a critical authentication bypass security flaw affecting multiple VMware products and allowing a malicious actor to gain admin privileges on unpatched instances.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-20 | CVE-2022-22972 | Unspecified vulnerability in VMware products. VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. | 9.8 |