COOEY // HUBcompliance · community · intelligence

FAIL › dossier

ESXi product

3
failure events
0
zero-days
1
RCEs
3
on KEV
3
critical
95
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 3 events

DateEventSevFlagsShameSummary
2021-11-03 CVE-2020-3992 critical ⚡RCE ⌖KEV 95 VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.
2025-03-04 CVE-2025-22225 critical ⌖KEV 80 VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox.
2024-07-30 CVE-2024-37085 critical ⌖KEV 80 VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins'