CVE-2021-22005
VMware vCenter Server File Upload Vulnerability
CVSS 9.8 · CRITICAL
⚠ CISA KEV — ACTIVELY EXPLOITED
RANSOMWARE
On the CISA KEV catalog
Confirmed exploited in the wild. Added 2021-11-03.
Federal remediation due 2021-11-17.
Required action: Apply updates per vendor instructions.
Summary
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
CVSS 3.1 breakdown
| Metric | Value |
| --- | --- |
| Base score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
- VMware Cloud Foundation
- VMware vCenter Server
References
- http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html
- https://www.vmware.com/security/advisories/VMSA-2021-0020.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22005
Data: NIST NVD + CISA KEV. NVD last modified 2025-10-30. Always verify against the vendor advisory before acting.