CVE-2025-3838 – “VMware Connect Unauthorized Access to Installer Credentials”

April 21, 2025

CVE ID : CVE-2025-3838

Published : April 21, 2025, 10:15 a.m. | 41 minutes ago

Description : An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed credentials of the installer. This EOL component was deprecated in September 2023 with end of support extended till January 2024.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3840 – Oracle OVA Connect Installer Cross-Site Scripting (XSS)

Next Article CVE-2025-3837 – “VMware End of Life OVA Connect Remote Code Execution Vulnerability”

Highlights

CVE-2025-20308 – Cisco Spaces Connector Privilege Escalation Vulnerability

July 2, 2025

CVE ID : CVE-2025-20308

Published : July 2, 2025, 4:15 p.m. | 3 hours, 27 minutes ago

Description : A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.

This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker could exploit this vulnerability by logging in to the Cisco Spaces Connector CLI as the spacesadmin user and executing a specific command with crafted parameters. A successful exploit could allow the attacker to elevate privileges from the spacesadmin user and execute arbitrary commands on the underlying operating system as root.

Severity: 6.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

ChatGPT now has an agent mode

Scrum Alliance and Kanban University partner to offer new course that teaches both methodologies

Is ChatGPT down? You’re not alone. Here’s what OpenAI is saying

I found a tablet that could replace my iPad and Kindle – and it’s worth every penny

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

Execute Ping Commands and Get Back Structured Data in PHP

Execute Ping Commands and Get Back Structured Data in PHP

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

I Made Kitty Terminal Even More Awesome by Using These 15 Customization Tips and Tweaks

I Made Kitty Terminal Even More Awesome by Using These 15 Customization Tips and Tweaks

Microsoft confirms active cyberattacks on SharePoint servers

How to Manually Check & Install Windows 11 Updates (Best Guide)

CVE-2025-3838 – “VMware Connect Unauthorized Access to Installer Credentials”

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

Zyxel Devices Hit by Active Exploits Targeting CVE-2023-28771 Vulnerability

CVE-2025-48931 – TeleMessage MD5 Password Hashing Weakness

CVE-2025-6936 – Simple Pizza Ordering System SQL Injection

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks

CVE-2025-20308 – Cisco Spaces Connector Privilege Escalation Vulnerability

CVE-2025-32813 – Infoblox NETMRI Unauthenticated Command Injection Vulnerability

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

CVE-2025-44192 – SourceCodester Simple Barangay Management System SQL Injection Vulnerability

CVE-2025-3838 – “VMware Connect Unauthorized Access to Installer Credentials”

Related Posts