Back to KEVs

CVE-2021-22005

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on...

Basic Information

CVE State
PUBLISHED
Reserved Date
January 04, 2021
Published Date
September 23, 2021
Last Updated
October 21, 2025
Vendor
VMware
Product
VMware vCenter Server, VMware Cloud Foundation
Description
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
Tags
cisa malware ransomware nuclei_scanner metasploit

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2021-11-03 00:00:00 UTC) Source
Used in Malware
Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://www.vmware.com/security/advisories/VMSA-2021-0020.html http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC
CISA 2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_vcenter_analytics_file_upload.rb 2025-04-28 15:02:11 UTC
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-22005.yaml 2025-04-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

vmware_vcenter_analytics_file_upload

Type: metasploit • Created: Unknown

Metasploit module for CVE-2021-22005

Jun-5heng/CVE-2021-22005

Type: github • Created: 2021-10-27 08:36:21 UTC • Stars: 20

VMware vCenter Server任意文件上传漏洞 / Code By:Jun_sheng

tiagob0b/CVE-2021-22005

Type: github • Created: 2021-10-24 23:14:01 UTC • Stars: 2

TaroballzChen/CVE-2021-22005-metasploit

Type: github • Created: 2021-10-02 07:32:04 UTC • Stars: 24

the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability

rwincey/CVE-2021-22005

Type: github • Created: 2021-09-28 21:06:59 UTC • Stars: 37

5gstudent/CVE-2021-22005-

Type: github • Created: 2021-09-25 07:19:42 UTC • Stars: 12

CVE-2021-22005批量验证python脚本

1ZRR4H/CVE-2021-22005

Type: github • Created: 2021-09-23 00:09:03 UTC • Stars: 8

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Exploit Used in Malware

  • Added to KEVIntel

  • Added to KEVIntel

  • Detected by Nuclei

  • Detected by Metasploit