CISA warns of critical VMware RCE flaw exploited in attacks (Security News, March 2023)

CISA has added a critical severity vulnerability in VMware's Cloud Foundation to its catalog of security flaws exploited in the wild.
The flaw was found in the XStream open-source library used by vulnerable VMware products and has been assigned an almost maximum severity score of 9.8/10 by VMware.
"Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation, a malicious actor can get remote code execution in the context of 'root' on the appliance," VMware explains.
VMware released security updates to address the CVE-2021-39144 flaw reported by Sina Kheirkhah of MDSec and Steven Seeley of Source Incite on October 25th. Because of the severity of the issue, VMware also issued patches for some end-of-life products.
CISA's decision to include the CVE-2021-39144 vulnerability in its Known Exploited Vulnerabilities catalog follows confirmation from VMware that the bug is being exploited in the wild.
With the flaw's addition to the KEV catalog, CISA has ordered U.S. federal agencies to secure their systems against this vulnerability within three weeks, by March 31st, to thwart attacks that might target their networks.
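The root cause VMware describes above is an endpoint that hands untrusted XML to XStream, which by default will instantiate whatever type the document names. The following is an added example, not VMware's code or part of the original article, showing how XStream's own security framework restricts deserialisation to an explicit allowlist; the `StatusRequest` type, the `statusRequest` alias and the two XML inputs are constructed for illustration.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class HardenedXStreamExample {

    // Hypothetical request object an endpoint might accept (constructed for this example).
    public static class StatusRequest {
        public String hostname;
        public int timeoutSeconds;
    }

    /** Build an XStream instance that only materialises types on an explicit allowlist. */
    public static XStream hardenedXStream() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);               // deny every type first
        xs.addPermission(NullPermission.NULL);                 // then re-admit null ...
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);  // ... and primitive values
        xs.allowTypes(new Class[] { StatusRequest.class, String.class });
        xs.alias("statusRequest", StatusRequest.class);        // element name used in the XML
        return xs;
    }

    public static void main(String[] args) {
        XStream xs = hardenedXStream();

        // Constructed benign input: the allowlisted type is deserialised normally.
        String benign = "<statusRequest><hostname>db01</hostname>"
                      + "<timeoutSeconds>5</timeoutSeconds></statusRequest>";
        StatusRequest req = (StatusRequest) xs.fromXML(benign);
        System.out.println("parsed host=" + req.hostname + " timeout=" + req.timeoutSeconds);

        // Constructed input naming a type that is not on the allowlist: XStream refuses
        // to instantiate it, so the document never reaches a converter.
        String unexpected = "<java.util.HashMap/>";
        try {
            xs.fromXML(unexpected);
            System.out.println("unexpected type was accepted (allowlist misconfigured)");
        } catch (ForbiddenClassException e) {
            System.out.println("rejected non-allowlisted type: " + e.getMessage());
        }
    }
}
```

The allowlist is a defence-in-depth measure for code that must deserialise XML; for the affected VMware products the vendor patches remain the required fix.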
Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-23 | CVE-2021-39144 | Deserialization of Untrusted Data vulnerability in multiple products (XStream is a simple library to serialize objects to XML and back again.) | 8.5 |