CVE-2025-41236

Published Jul 15, 2025

Last updated 3 days ago

CVSS critical 9.3
VMware
VMware ESXi
VMware Workstation
VMware Fusion

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-41236 is an integer overflow vulnerability that exists within the VMXNET3 virtual network adapter in VMware ESXi, Workstation, and Fusion. A malicious actor with local administrative privileges on a virtual machine with a VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non-VMXNET3 virtual adapters are not affected by this vulnerability. The vulnerability is due to an integer overflow, which could allow a local attacker with administrative access on a virtual machine to execute arbitrary code on the host system. On VMware Workstation and Fusion, successful exploitation could lead to complete host system compromise, allowing attackers to break out of the virtual machine environment entirely.

Description
VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.
Source
security@vmware.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.3
Impact score
6
Exploitability score
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@vmware.com
CWE-787

Social media

Hype score
Not currently trending

  1. Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025 Broadcom patched four critical VMware vulnerabilities disclosed at Pwn2Own Berlin 2025, where white hat hackers earned over $340,000. STARLabs SG won $150,000 for exploiting CVE-2025-41236, an integer https:

    @dCypherIO

    18 Jul 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin https://t.co/KO82Sd0KdG "These flaws are tracked as CVE-2025-41236, CVE-2025-41237, and CVE-2025-41238." https://t.co/rWZTWhLtnz

    @catnap707

    17 Jul 2025

    183 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Broadcom patched critical VMware vulnerabilities disclosed at Pwn2Own Berlin 2025, earning over $340,000. Flaws like CVE-2025-41236 could enable local privilege escalation and memory leaks. #VMware #Security #Germany https://t.co/QM5HY87eQ2

    @TweetThreatNews

    17 Jul 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239) Classification: Critical Solution: Official Fix Exploit Maturity: Not Defined Issue date: 2025-07-15 CVSSv3 htt

    @endi24

    16 Jul 2025

    893 Impressions

    3 Retweets

    4 Likes

    4 Bookmarks

    2 Replies

    0 Quotes

  5. Today's CVE Brief: - 9 active CISA KEV vulns - 5 critical, 15 high-priority CVEs (July 15) - VMware VM escapes (CVE-2025-41236/7): hypervisor compromise risk - Enterprise risks: Oracle APEX, BI Publisher, SOLIDWORKS https://t.co/Ykh4Hv37ol #CVE #infosec #cybersecurity

    @BriefCve27259

    16 Jul 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. ⚠️ VMware ESXi & Workstation Vulnerabilities Let Attackers Execute Malicious Code on Host Read more: https://t.co/LIl3CHzuTP 1. VMware patched CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, and CVE-2025-41239 targeting VMXNET3, VMCI, PVSCSI, and vSockets components.

    @The_Cyber_News

    16 Jul 2025

    1237 Impressions

    5 Retweets

    16 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  7. 【セキュリティ ニュース】「VMware ESXi」など複数仮想化製品に深刻な脆弱性 - 早急に更新を(1ページ目 / 全3ページ):Security NEXT https://t.co/XFchC4smxp VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address mul

    @taku888infinity

    16 Jul 2025

    760 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. ブロードコム社がVMware製品群の重大(Critical)な脆弱性を修正。CVSSスコア9.3が3件で、ESXi、Workstation、Fusionに影響。 https://t.co/scugRcjZt3 CVE-2025-41236はVMXNET3における整数オーバーフロー、CVE-2025-41237はVMCIにおける整数

    @__kokumoto

    15 Jul 2025

    5114 Impressions

    21 Retweets

    48 Likes

    13 Bookmarks

    1 Reply

    3 Quotes

  9. Broadcom has released urgent patches for four critical, including CVE-2025-41236 and CVE-2025-41237 (CVSS up to 9.3) VMware vulnerabilities affecting ESXi, Workstation, and Fusion, allowing host code execution. #VMware #Virtualization #Broadcom #Pwn2Own https://t.co/TK1zkMibai

    @the_yellow_fall

    15 Jul 2025

    3496 Impressions

    35 Retweets

    73 Likes

    22 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.