CISA Reports Active Exploitation of Critical VMware RCE Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised an alert regarding a critical VMware vCenter Server vulnerability. This issue, identified as CVE-2024-37079, has been confirmed as actively exploited, prompting federal agencies to act swiftly.
Details of the Vulnerability
Patched in June 2024, CVE-2024-37079 is a heap overflow in vCenter Server's implementation of the DCERPC protocol. vCenter Server, part of Broadcom’s VMware vSphere, lets administrators manage ESXi hosts and virtual machines.
Attackers with network access can exploit this vulnerability through specially crafted packets. Such low-complexity attacks do not require authorization or user interaction to succeed, posing significant risks.
Call to Action for Federal Agencies
On February 13th, federal agencies must secure their servers, as CISA has mandated. This requirement is enforced under the Binding Operational Directive (BOD) 22-01, originally issued in November 2021.
Federal Civilian Executive Branch (FCEB) agencies include the:
- Department of State
- Department of Justice
- Department of Energy
- Department of Homeland Security
Recommendations from CISA
CISA strongly advises agencies to follow vendor instructions for mitigations, apply any necessary patches, or cease using vulnerable products if no solutions are available. The agency highlights that such vulnerabilities frequently become targets for cybercriminals.
Broadcom’s Acknowledgment
Broadcom has also updated its advisory regarding CVE-2024-37079 and confirmed that it has been exploited in the wild. They noted that there is credible information concerning these ongoing threats.
Previous Vulnerabilities
This is not the first concerning issue for Broadcom’s VMware products. In October, CISA mandated patches for CVE-2025-41244, which was being exploited by malicious actors. Last year alone, Broadcom addressed several high-severity vulnerabilities through patches, including CVE-2025-41251 and CVE-2025-41252, reported by the U.S. National Security Agency.
As threats evolve, security teams are under pressure to protect systems rapidly. The shift towards tools like the Model Context Protocol (MCP) emphasizes the need for heightened security measures.