Nutanix is widely used for hyperconverged infrastructure, storage and cloud-like services, but that does not make it immune to security risks. In this post we look at 10 recent vulnerabilities affecting Nutanix products such as AOS, AHV and Prism, explain what they are, and show practical steps to protect your systems.
This guide highlights the 10 most important Nutanix vulnerabilities in 2025. Each entry gives a short description, the vulnerable versions, the fixed versions, a risk rating and a quick fix. Stay secure and keep your HCI infrastructure safe.
1. AOS: Apache CXF DoS Vulnerability
This issue comes from outdated Apache CXF libraries bundled in AOS. An attacker who can reach the affected service could flood it with crafted requests, exhausting it and leaving management functions unresponsive.
- Vulnerable versions: AOS 6.5.x to 7.0.1.4
- Risk Factor: Service disruption or denial of service
- Quick fix: Upgrade to AOS 7.0.1.5 or later; restrict access to the management API to trusted networks; apply firewall rules and rate limits.
2. Prism Central Stored XSS (CVE-2024-12223)
A flaw in the Events module allowed attackers to store script in Prism Central event data. When an admin viewed the affected page, the script ran in the admin's browser under the admin's session and could hijack it.
- Vulnerable versions: Prism Central < 2024.3.1
- Risk Factor: Account/session takeover
- Quick fix: Upgrade to Prism Central 2024.3.1 or later; limit which accounts and integrations can create events; enforce short session lifetimes.
3. AHV Multiple Component Issues
Several CVEs in services bundled with Nutanix AHV (rsync, web components) could let attackers inject or overwrite files, trigger XSS, or leak memory contents.
- Vulnerable versions: Nutanix AHV < 10.0.1.1
- Risk Factor: Data exposure, file manipulation, service instability
- Quick fix: Upgrade to AHV 10.0.1.1 or later; audit exposed services; disable unused modules.
4. AOS Third-Party Library Flaws
AOS packages include common third-party libraries (bzip2, libxml2, OpenSSL, jQuery). Older builds shipped with versions that have known, exploitable bugs.
- Vulnerable versions: AOS builds before patched releases in 2024 advisories
- Risk Factor: Remote code execution or data leaks through library exploits
- Quick fix: Apply AOS 6.10.1.8 / 7.0.1.5 or later; disable unused services that rely on these libraries.
5. AOS OpenSSH Vulnerability (CVE-2023-38408)
CVE-2023-38408 is a flaw in the PKCS#11 support of ssh-agent in OpenSSH before 9.3p2: the provider library search path was insufficiently trusted, so an attacker who controls a host to which an agent is forwarded can gain code execution on the system running that agent. Nutanix guidance says its deployment reduces exposure, but patching is still critical.
- Vulnerable versions: AOS images bundling OpenSSH < 9.3p2
- Risk Factor: Code execution on the admin workstation, jump host or CVM that forwards its ssh-agent to a compromised node
- Quick fix: Upgrade to an AOS bundle shipping OpenSSH 9.3p2 or later; do not forward ssh-agent to cluster nodes (ForwardAgent no), or start ssh-agent with an empty PKCS#11 allowlist (ssh-agent -P ''); restrict SSH access to the management network; use jump hosts/VPN.
6. Legacy AHV/AOS Builds (Pre-2022)
Clusters running very old Nutanix builds (pre-2022) typically contain unpatched CVEs that are now public and easy to exploit.
- Vulnerable versions: AHV < 2020.x and AOS < 6.x
- Risk Factor: Multiple known exploits — from XSS to privilege escalation
- Quick fix: Upgrade to AHV 10.0.1.1 or later and AOS 6.10.1.8 / 7.0.1.5 or later; restrict access until the upgrade is done.
7. Insecure SSH Defaults in AHV Hosts
Nutanix AHV hosts may ship with weak SSH configurations, such as password logins being permitted, leaving them open to brute-force and unauthorized login attempts.
- Vulnerable Versions: AHV < 2024.3
- Risk Factor: High — unauthorized access via SSH
- Quick Fix: Upgrade to AHV 10.0.1.1 or later; enforce key-based SSH logins and disable password authentication; restrict SSH to the management network.
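The two SSH items above (5 and 7) both come down to checking what your hosts actually run and how sshd is configured. The script below is an added example, not Nutanix's code: it parses an OpenSSH version banner against the 9.3p2 fix for CVE-2023-38408 and audits an sshd_config for password logins, root login and agent forwarding. The sample configs are constructed, and it assumes you can copy sshd_config and `ssh -V` output off the CVM or AHV host over an existing admin session.

```python
"""Audit an OpenSSH version banner and an sshd_config for the weaknesses
in items 5 and 7 (added example, not Nutanix code).

Assumed, not stated by the page: the CVM or AHV host exposes a plain
sshd_config and `ssh -V` prints a banner such as "OpenSSH_9.3p1".
Both inputs below are constructed samples.
"""
import re

# CVE-2023-38408 is fixed in OpenSSH 9.3p2.
OPENSSH_FIXED = (9, 3, 2)

# Keyword -> value a hardened management host should have. sshd matches
# keywords case-insensitively, so everything is compared in lower case.
REQUIRED = {
    "passwordauthentication": "no",
    "permitrootlogin": "no",          # "prohibit-password" is also accepted
    "pubkeyauthentication": "yes",
    "allowagentforwarding": "no",
    "permitemptypasswords": "no",
}

# Values sshd (9.x) uses when the keyword is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "allowagentforwarding": "yes",
    "permitemptypasswords": "no",
}


def parse_openssh_version(banner: str) -> tuple:
    """'OpenSSH_9.3p1 Ubuntu-...' -> (9, 3, 1). Non-portable builds have no
    'p' suffix and get patch level 0."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?", banner)
    if not m:
        raise ValueError(f"unrecognised OpenSSH banner: {banner!r}")
    major, minor, plevel = m.groups()
    return (int(major), int(minor), int(plevel or 0))


def vulnerable_to_cve_2023_38408(banner: str) -> bool:
    """True when the banner reports a release older than 9.3p2. Distros may
    backport the fix without bumping the version, so treat True as
    'check the vendor advisory', not as proof of exposure."""
    return parse_openssh_version(banner) < OPENSSH_FIXED


def parse_sshd_config(text: str) -> dict:
    """Return the effective global settings (lower-cased keyword -> value).
    sshd honours the first occurrence of a keyword, and anything after a
    'Match' line is conditional, so parsing stops there."""
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) == 2:
            effective.setdefault(key, parts[1].strip().lower())
    return effective


def audit_sshd_config(text: str) -> list:
    """List settings that deviate from REQUIRED, noting whether the weak
    value was written explicitly or is just sshd's default."""
    cfg = parse_sshd_config(text)
    findings = []
    for key, wanted in REQUIRED.items():
        actual = cfg.get(key, DEFAULTS[key])
        if key == "permitrootlogin" and actual in ("no", "prohibit-password"):
            continue
        if actual != wanted:
            origin = "explicit" if key in cfg else "default"
            findings.append(f"{key}={actual} ({origin}); expected {wanted}")
    return findings


# Constructed sample resembling an unhardened host config.
SAMPLE_WEAK_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
# AllowAgentForwarding is not set, so sshd's default (yes) applies
Match User backup
    PasswordAuthentication no
"""

# Constructed sample of the hardened equivalent.
SAMPLE_HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin prohibit-password
PasswordAuthentication no
PubkeyAuthentication yes
AllowAgentForwarding no
PermitEmptyPasswords no
"""

if __name__ == "__main__":
    for banner in ("OpenSSH_8.9p1 Ubuntu-3ubuntu0.10", "OpenSSH_9.3p2"):
        state = "vulnerable" if vulnerable_to_cve_2023_38408(banner) else "fixed"
        print(banner, "->", state)
    for name, cfg in (("weak", SAMPLE_WEAK_SSHD_CONFIG),
                      ("hardened", SAMPLE_HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd_config(cfg) or ["no findings"])
```

Run it against a copy of /etc/ssh/sshd_config from each host. A banner below 9.3p2 is a prompt to check the vendor advisory rather than proof of exposure, because distributions backport fixes without changing the version number, and the parser stops at the first Match block, so anything under Match needs a separate look.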
8. Nutanix Calm Script Injection
Improperly validated scripts in Nutanix Calm could let an attacker execute malicious commands through automation blueprints.
- Vulnerable Versions: Calm < 3.8
- Risk Factor: High — potential system compromise via automation
- Quick Fix: Upgrade to Calm 3.8.1 or later; review who can edit automation blueprints and what those blueprints run.
9. Storage Data Exposure in Objects Service
Misconfigurations in Nutanix Objects allowed attackers to bypass access controls and read sensitive data from buckets.
- Vulnerable Versions: Objects < 4.1.2
- Risk Factor: High — unauthorized data access
- Quick Fix: Upgrade to Objects 4.1.2 or later; enforce strict bucket policies that grant access only to named principals and only the actions they need.
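As an added example (not Nutanix's own tooling) of what "strong bucket policies" means in practice, the linter below flags Allow statements that grant data access to Principal "*" or hand a wildcard action to a named user. It assumes Nutanix Objects accepts the S3-compatible JSON policy layout; both policies, including the bucket name and principal ARN, are constructed.

```python
"""Lint an S3-style bucket policy for public or over-broad grants
(added example for item 9; not Nutanix code).

Assumed, not stated by the page: Nutanix Objects bucket policies follow the
S3-compatible JSON layout (Statement / Effect / Principal / Action /
Resource). Both policies below are constructed samples.
"""
import json

# Actions that read, list or change data. The wildcards cover everything.
SENSITIVE_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:putobject",
                     "s3:deleteobject", "s3:*", "*"}


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"}, i.e. anyone, anonymous included."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def find_risky_grants(policy_text: str) -> list:
    """Return one finding per Allow statement that exposes data to the
    world or hands a wildcard action to a named principal."""
    policy = json.loads(policy_text)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        exposed = sorted(actions & SENSITIVE_ACTIONS)
        if not exposed:
            continue
        label = stmt.get("Sid", f"statement[{idx}]")
        if _is_public_principal(stmt.get("Principal")):
            # A Condition may narrow the grant (e.g. by source IP), but it
            # still needs a human to confirm it really restricts callers.
            kind = ("public grant with Condition (verify it restricts callers)"
                    if stmt.get("Condition") else "unconditional public grant")
            findings.append(f"{label}: {kind} for {', '.join(exposed)}")
        elif "s3:*" in actions or "*" in actions:
            findings.append(f"{label}: wildcard action grant to a named principal")
    return findings


# Constructed weak policy: world-readable bucket plus an all-actions grant.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::backups", "arn:aws:s3:::backups/*"]},
        {"Sid": "AppWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam:::user/backup-app"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::backups/*"},
    ],
})

# Constructed hardened policy: one named principal, only the actions it needs.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppReadWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam:::user/backup-app"},
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::backups/*"},
    ],
})

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, find_risky_grants(policy) or ["no findings"])
```

Feed it the policy JSON exported for each bucket. A public grant that carries a Condition is reported separately rather than ignored, because a condition on source IP or similar only helps if it cannot be satisfied by the attacker, which the linter cannot judge.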
10. Firmware & BIOS Issues (UEFI/Hardware)
Hardware vendors regularly disclose BIOS/UEFI CVEs. If Nutanix nodes are left unpatched, attackers could exploit firmware-level flaws and persist below the operating system.
- Vulnerable versions: Nodes running outdated vendor BIOS/firmware
- Risk factor: Persistent, hard-to-detect malware at the firmware level
- Quick fix: Apply the latest vendor BIOS/firmware updates; enable Secure Boot; schedule regular maintenance windows for firmware updates.
Quick Summary
It is important to keep the Nutanix platform up to date to prevent cyber attacks. The minimum patched versions covered in this post are:
- Prism Central → 2024.3.1 or later
- AOS → 6.10.1.8 / 6.10.2 or later on the 6.10 train; 7.0.1.5 or later on the 7.0 train
- AHV → 10.0.1.1 or later
- Nutanix Files → 4.2.1 or later
- Calm → 3.8.1 or later
- Objects → 4.1.2 or later
- Other steps: Enforce MFA, key-based SSH and TLS best practices; audit access regularly; monitor with the Security Dashboard.
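To turn the summary above into a check you can run before and after an LCM upgrade, here is an added example (not Nutanix tooling) that gates a cluster inventory against these minimum versions. It assumes the inventory holds the version strings Prism or LCM report, gates AOS per release train, and treats date-based legacy AHV builds as out of date even though their numbers sort higher than 10.x. The inventory is constructed.

```python
"""Gate a cluster inventory against the minimum patched versions in the
summary above (added example, not Nutanix tooling).

Assumed, not stated by the page: versions are the strings Prism/LCM
report, e.g. AOS "6.10.1.5", Prism Central "pc.2024.3.1", and legacy AHV
builds carry a date-based number such as "el8.nutanix.20230302.101034".
The inventory below is constructed.
"""
import re

# Minimum fixed release per component, keyed by major release train
# (None = any train). AOS is gated per train because the 6.10 and 7.0
# lines are patched in parallel.
MINIMUMS = {
    "Prism Central": {None: "2024.3.1"},
    "AOS": {6: "6.10.1.8", 7: "7.0.1.5"},
    "AHV": {None: "10.0.1.1"},
    "Nutanix Files": {None: "4.2.1"},
    "Calm": {None: "3.8.1"},
    "Objects": {None: "4.1.2"},
}


def parse_version(raw: str) -> tuple:
    """Take the trailing dotted number: 'pc.2024.3.1' -> (2024, 3, 1)."""
    m = re.search(r"(\d+(?:\.\d+)*)$", raw.strip())
    if not m:
        raise ValueError(f"no numeric version in {raw!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_at_least(actual: tuple, minimum: tuple) -> bool:
    """Component-wise compare with zero padding, so 6.10.2 >= 6.10.1.8."""
    n = max(len(actual), len(minimum))
    padded_actual = actual + (0,) * (n - len(actual))
    padded_minimum = minimum + (0,) * (n - len(minimum))
    return padded_actual >= padded_minimum


def check_component(component: str, version: str) -> tuple:
    """Return (compliant, reason) for one component."""
    actual = parse_version(version)
    if component == "AHV" and actual[0] >= 20000000:
        # Date-based AHV builds (20201105.x, 20220304.x, ...) predate AHV 10
        # even though they sort numerically higher; never treat them as current.
        return False, f"AHV {version} is a legacy date-based build; needs 10.0.1.1 or later"
    trains = MINIMUMS[component]
    minimum = trains.get(actual[0], trains.get(None))
    if minimum is None:
        return False, f"{component} {version} is on a release train not covered here; upgrade to a supported train"
    if is_at_least(actual, parse_version(minimum)):
        return True, f"{component} {version} >= {minimum}"
    return False, f"{component} {version} < {minimum}"


def gate_inventory(inventory: dict) -> dict:
    """Map component -> (compliant, reason) for a whole cluster."""
    return {c: check_component(c, v) for c, v in inventory.items()}


# Constructed inventory of a partially patched cluster.
SAMPLE_INVENTORY = {
    "Prism Central": "pc.2024.3.1",
    "AOS": "6.10.1.5",
    "AHV": "el8.nutanix.20230302.101034",
    "Nutanix Files": "4.2.1",
    "Calm": "3.8.1",
    "Objects": "4.0.1",
}

if __name__ == "__main__":
    for component, (ok, reason) in gate_inventory(SAMPLE_INVENTORY).items():
        print("OK  " if ok else "FIX ", reason)
```

Replace SAMPLE_INVENTORY with the versions from Prism or LCM and the script tells you which components still need the upgrades listed above. An AOS build on a train other than 6.10 or 7.0 is reported as needing an upgrade rather than silently compared, since none of the minimums here apply to it.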
Download Nutanix Patches
AOS, AHV, Prism Central and firmware software bundles and patches are downloaded from the Nutanix Support Portal; register for a portal account if you do not have one yet.
For simplicity, all of the fix patches and software bundles listed above are available from the portal's downloads section.