CVE-2025-49199 – VMware vRealize Log Insight Unauthenticated ZIP File Tampering Vulnerability

CVE ID : CVE-2025-49199

Published : June 12, 2025, 3:15 p.m. | 1 hour, 44 minutes ago

Description : The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…