OpenSSH vulnerability CVE-2025-32728
Article ID: 396636
Updated On:
Products
VMware vCenter Server
VMware vSphere ESXi
VCF Operations/Automation (formerly VMware Aria Suite)
VMware HCX
Issue/Introduction
Vulnerability scanner detected OpenSSH vulnerability on vSphere, HCX & Aria Suite environment.
- For more information about this CVE, please refer to: CVE-2025-32728 Detail
Environment
- VMware vCenter Server 8.x
- VMware Aria Suite
- VMware HCX 4.11 or lower
Cause
- This vulnerability impacts OpenSSH version before 10.0.
- vCenter, HCX and Aria suite are using OpenSSH version prior to 10.0.
Resolution
VMware By Broadcom is aware of CVE-2025-32728.
Please refer to the release notes for existing and forthcoming product releases for any updates in relation to this CVE.
Should you require further information please contact Broadcom Support. For more information, see Creating and managing Broadcom support cases.
Please refer to the release notes for existing and forthcoming product releases for any updates in relation to this CVE.
Should you require further information please contact Broadcom Support. For more information, see Creating and managing Broadcom support cases.
Additional Information
There is no impact on ESXi.
ESXi is secure by default, as it enforces granular security directives within the SSH daemon configuration. As a result, the DisableForwarding directive not functioning as expected is classified as a functional limitation rather than a security vulnerability.
Additionally, the following SSH features are disabled by default in ESXi and cannot be configured:
-
X11Forwarding
-
ForwardAgent
Feedback
Yes
No
Powered by
