CISA Adds VMware vCenter Vulnerability (CVE-2024-37079) to KEV Catalog After Active Exploitation


Monday, January 26, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in VMware vCenter Server, tracked as CVE-2024-37079 (CVSS score 9.8), to its Known Exploited Vulnerabilities (KEV) Catalog after confirming real-world exploitation. The flaw is a heap overflow in vCenter's handling of the DCERPC protocol: an attacker with network access to the server can send a specially crafted packet that may lead to remote code execution (RCE).

Broadcom has confirmed indicators that the vulnerability is being actively exploited in the wild. Research presented at Black Hat Asia 2025 showed that CVE-2024-37079 can be chained with other vulnerabilities, such as CVE-2024-38813, to escalate privileges and gain root access on ESXi hosts, significantly increasing the risk to enterprise virtualization environments.

To mitigate the threat, administrators are urged to immediately apply the security patches released by the vendor, as no workaround is available. CISA has mandated that U.S. federal civilian agencies remediate the vulnerability by February 13, 2026, and strongly recommends that organizations regularly monitor the KEV Catalog to prioritize remediation of vulnerabilities that are known to be actively exploited.
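One way to act on CISA's recommendation to track the KEV Catalog is to cross-reference the feed against an asset inventory and rank unpatched systems by their remediation due date. The script below is an added example, not from the article or from CISA; it reads a constructed sample in the shape of CISA's public KEV JSON feed (normally fetched from https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), and the host names and the second KEV entry are invented placeholders.

```python
import json
from datetime import date

# Constructed sample shaped like the KEV JSON feed. The CVE-2024-37079 entry uses
# the product and due date from the article above; the second entry is a placeholder.
KEV_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2024-37079", "vendorProject": "Broadcom",
         "product": "VMware vCenter Server", "dueDate": "2026-02-13"},
        {"cveID": "CVE-0000-00001", "vendorProject": "ExampleCorp",
         "product": "Widget", "dueDate": "2026-03-01"},
    ]
})

# Constructed asset inventory: product names as recorded by the organisation.
INVENTORY = [
    {"host": "vcsa01.example.internal", "product": "VMware vCenter Server 8.0", "patched": False},
    {"host": "vcsa02.example.internal", "product": "VMware vCenter Server 8.0", "patched": True},
    {"host": "files01.example.internal", "product": "ExampleCorp Widget", "patched": False},
]


def _matches(asset_product: str, kev_product: str) -> bool:
    """Case-insensitive substring match, since inventory names carry versions and vendors."""
    return kev_product.lower() in asset_product.lower()


def prioritize(kev_json: str, inventory: list, today: date) -> list:
    """Return unpatched assets affected by a KEV entry, most urgent first."""
    entries = json.loads(kev_json)["vulnerabilities"]
    findings = []
    for asset in inventory:
        if asset["patched"]:
            continue
        for entry in entries:
            if not _matches(asset["product"], entry["product"]):
                continue
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "days_left": (due - today).days,   # negative once the due date has passed
                "overdue": due < today,
            })
    findings.sort(key=lambda f: (f["days_left"], f["host"]))
    return findings


if __name__ == "__main__":
    for f in prioritize(KEV_SAMPLE, INVENTORY, date(2026, 1, 26)):
        print(f"{f['host']:28} {f['cve']:16} due in {f['days_left']:>3} days")
```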

Source: https://securityaffairs.com/187267/security/u-s-cisa-adds-a-flaw-in-broadcom-vmware-vcenter-server-to-its-known-exploited-vulnerabilities-catalog.html