The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in real-world attacks.
The flaw, tracked as CVE-2024-37079 and assigned a CVSS score of 9.8, impacts the implementation of the DCE/RPC protocol within VMware vCenter Server. According to CISA, the vulnerability can allow a threat actor with network access to execute arbitrary code remotely by sending specially crafted network packets to a vulnerable system.
Technical Overview of the Vulnerability
CVE-2024-37079 is a heap-overflow bug in vCenter Server's DCE/RPC implementation that can be turned into remote code execution. Broadcom addressed it in June 2024 as part of a broader security update. The same update also fixed CVE-2024-37080, a second heap-overflow weakness in the same DCE/RPC code path that carried a comparable remote code execution risk.
The vulnerabilities were discovered and reported by Hao Zheng and Zibo Li, researchers from the Chinese cybersecurity firm QiAnXin LegendSec.
Related Research and Exploitation Potential
During a presentation at the Black Hat Asia security conference in April 2025, the researchers explained that CVE-2024-37079 is one of four vulnerabilities they found in the vCenter DCE/RPC service: three heap overflows and one privilege escalation flaw.
The remaining two issues, CVE-2024-38812 (heap overflow) and CVE-2024-38813 (privilege escalation), were patched by Broadcom in September 2024. The researchers demonstrated that one of the heap overflows could be chained with CVE-2024-38813 to obtain unauthenticated remote root access on vCenter Server, which in turn allows an attacker to take control of the ESXi hosts it manages.
Active Exploitation and Required Action
While details of how CVE-2024-37079 is being exploited have not been disclosed, Broadcom has updated its advisory to confirm that the vulnerability has been abused in the wild, stating that it has reliable information indicating real-world exploitation activity.
Because the vulnerability is now listed in the KEV catalog, Federal Civilian Executive Branch (FCEB) agencies are required under Binding Operational Directive (BOD) 22-01 to upgrade to the latest supported versions of VMware vCenter Server by February 13, 2026. Organizations outside the federal government that run vCenter should treat the same deadline as a reasonable upper bound and verify that their deployments are on a fixed build.