CVE-2021-21974
VMware · ESXi
A heap-overflow vulnerability in the OpenSLP service of VMware ESXi allows remote code execution for attackers on the same network segment.
Executive summary
A critical heap-overflow vulnerability in VMware ESXi's OpenSLP service is being actively exploited in the wild to deploy ransomware, requiring immediate patching or service disabling.
Vulnerability
This is a heap-overflow remote code execution vulnerability in the OpenSLP service shipped with ESXi. An attacker on the same network segment as the host can exploit the flaw by sending crafted traffic to the SLP service on port 427 and execute arbitrary code with the privileges of that service.
Business impact
This vulnerability carries a CVSS score of 8.8 and is currently being exploited in the wild, notably by the ESXiArgs ransomware. Successful exploitation allows for complete takeover of the hypervisor, leading to catastrophic data loss, operational downtime, and potential permanent loss of virtualized assets.
Remediation
Immediate Action: Apply the specific patch versions (e.g., ESXi70U1c-17325551) listed in the VMware security advisory. If patching is not immediately feasible, disable the OpenSLP service on all ESXi hosts.
Proactive Monitoring: Monitor network traffic to port 427 for unauthorized connection attempts and audit ESXi logs for signs of unauthorized execution or unexpected file modifications.
Compensating Controls: Use network segmentation or firewalls to restrict access to port 427 to only authorized, trusted management hosts.
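The monitoring and segmentation controls above can be enforced as a simple check over connection or firewall logs. The following Python script is an added example, not part of the advisory: it flags inbound connections to port 427 whose source lies outside an assumed management allowlist. The log format, addresses and the allowlist CIDR are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample flow records (not real ESXi or firewall logs).
SAMPLE_FLOWS = """\
2023-02-03T10:12:01Z src=10.10.1.5 dst=10.10.1.50 proto=tcp dport=427
2023-02-03T10:12:07Z src=10.10.5.23 dst=10.10.1.50 proto=tcp dport=427
2023-02-03T10:12:09Z src=10.10.5.23 dst=10.10.1.50 proto=udp dport=427
2023-02-03T10:12:15Z src=192.0.2.77 dst=10.10.1.51 proto=tcp dport=443
2023-02-03T10:12:20Z src=192.0.2.77 dst=10.10.1.51 proto=tcp dport=427
""".splitlines()

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\S+) dport=(?P<dport>\d+)$"
)
SLP_PORT = 427  # OpenSLP listens on TCP and UDP 427


def find_unauthorized_slp(lines, allowed_mgmt):
    """Return (ts, src, dst, proto) for every flow to port 427 whose source
    is not inside one of the allowed management networks (CIDR strings).
    Lines that do not match the expected format are skipped."""
    nets = [ipaddress.ip_network(n) for n in allowed_mgmt]
    hits = []
    for line in lines:
        m = FLOW_RE.match(line)
        if not m or int(m["dport"]) != SLP_PORT:
            continue  # unparseable line or not an SLP flow
        src = ipaddress.ip_address(m["src"])
        if any(src in net for net in nets):
            continue  # trusted management host, allowed by policy
        hits.append((m["ts"], m["src"], m["dst"], m["proto"]))
    return hits


def summarize_by_source(hits):
    """Count flagged SLP connection attempts per source address."""
    counts = {}
    for _, src, _, _ in hits:
        counts[src] = counts.get(src, 0) + 1
    return counts


if __name__ == "__main__":
    # Assumed allowlist: only the 10.10.1.0/24 management network may reach SLP.
    flagged = find_unauthorized_slp(SAMPLE_FLOWS, ["10.10.1.0/24"])
    for ts, src, dst, proto in flagged:
        print(f"{ts} {src} -> {dst}:{SLP_PORT}/{proto} outside management allowlist")
    print(summarize_by_source(flagged))
```

Any source that appears in the output is either a host missing from the allowlist or traffic that the firewall rule restricting port 427 should have blocked.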
Exploitation status
Public Exploit Available: true
Analyst recommendation
This vulnerability is critical and confirmed to be under active exploitation. Organizations must treat it with the highest urgency. Where hosts cannot be patched immediately, disabling the OpenSLP service is the required interim measure to prevent ransomware infection.