CVE-2025-41236
Published Jul 15, 2025
Last updated 8 months ago
- Description
- VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.
- Source
- security@vmware.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.3
- Impact score
- 6
- Exploitability score
- 2.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security@vmware.com
- CWE-787
- Hype score
- Not currently trending
⚠️Actualización de seguridad para componentes de Dell VxRail ❗CVE-2025-41236 ❗CVE-2025-41237 ❗CVE-2025-41238 ➡️Más info: https://t.co/YyJVVLapza https://t.co/G00KSrV4wV
@CERTpy
4 Sept 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
VMware ESXiに深刻な整数オーバーフロー脆弱性(CVE-2025-41236)が確認された。 ESXi 7.xおよび一部8.xのHTTP管理インターフェースに存在し、未認証で任意コード実行や権限昇格、ランサムウェア展開が可能となる。
@yousukezan
12 Aug 2025
4729 Impressions
17 Retweets
40 Likes
19 Bookmarks
0 Replies
1 Quote
We added VMware ESXi CVE-2025-41236 (CVSS 9.3) version based detection to our daily scans. First added 2025-07-19 with 17,238 IPs found. Latest scan (2025-08-10) detects 16,330 unpatched IPs, which is a slow patch rate. Top affected: France, China, US, Germany https://t.co/Cenf
@Shadowserver
11 Aug 2025
8517 Impressions
25 Retweets
93 Likes
52 Bookmarks
1 Reply
1 Quote
⚠️Vulnerabilidades en VMware ESXi, Workstation, Fusion y Tools ❗CVE-2025-41236 ❗CVE-2025-41237 ❗CVE-2025-41238 ➡️Más info: https://t.co/3dGwGLU48F https://t.co/hT8f1WA4Jz
@CERTpy
25 Jul 2025
90 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-41236:VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges may exploit this issue to execute code on the host. https://t.co/Qhq67pZ26p
@ZeroDayFacts
21 Jul 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
VMware ESXi 8.0 Update 3f Release Notes → https://t.co/UdwVfqPwkl --- CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, and CVE-2025-41239 as VMSA-2025-0013. and CVE-2025-2884.
@ripjyr
19 Jul 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
VMware ESXi 7.0 Update 3w Release Notes → https://t.co/uTrclWxaPM --- CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, and CVE-2025-41239 as VMSA-2025-0013. and CVE-2025-2884.
@ripjyr
19 Jul 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025 Broadcom patched four critical VMware vulnerabilities disclosed at Pwn2Own Berlin 2025, where white hat hackers earned over $340,000. STARLabs SG won $150,000 for exploiting CVE-2025-41236, an integer https:
@dCypherIO
18 Jul 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin https://t.co/KO82Sd0KdG "These flaws are tracked as CVE-2025-41236, CVE-2025-41237, and CVE-2025-41238." https://t.co/rWZTWhLtnz
@catnap707
17 Jul 2025
188 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Broadcom patched critical VMware vulnerabilities disclosed at Pwn2Own Berlin 2025, earning over $340,000. Flaws like CVE-2025-41236 could enable local privilege escalation and memory leaks. #VMware #Security #Germany https://t.co/QM5HY87eQ2
@TweetThreatNews
17 Jul 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239) Classification: Critical Solution: Official Fix Exploit Maturity: Not Defined Issue date: 2025-07-15 CVSSv3 htt
@endi24
16 Jul 2025
893 Impressions
3 Retweets
4 Likes
4 Bookmarks
2 Replies
0 Quotes
Today's CVE Brief: - 9 active CISA KEV vulns - 5 critical, 15 high-priority CVEs (July 15) - VMware VM escapes (CVE-2025-41236/7): hypervisor compromise risk - Enterprise risks: Oracle APEX, BI Publisher, SOLIDWORKS https://t.co/Ykh4Hv37ol #CVE #infosec #cybersecurity
@BriefCve27259
16 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ VMware ESXi & Workstation Vulnerabilities Let Attackers Execute Malicious Code on Host Read more: https://t.co/LIl3CHzuTP 1. VMware patched CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, and CVE-2025-41239 targeting VMXNET3, VMCI, PVSCSI, and vSockets components.
@The_Cyber_News
16 Jul 2025
1237 Impressions
5 Retweets
16 Likes
3 Bookmarks
0 Replies
0 Quotes
【セキュリティ ニュース】「VMware ESXi」など複数仮想化製品に深刻な脆弱性 - 早急に更新を(1ページ目 / 全3ページ):Security NEXT https://t.co/XFchC4smxp VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address mul
@taku888infinity
16 Jul 2025
760 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ブロードコム社がVMware製品群の重大(Critical)な脆弱性を修正。CVSSスコア9.3が3件で、ESXi、Workstation、Fusionに影響。 https://t.co/scugRcjZt3 CVE-2025-41236はVMXNET3における整数オーバーフロー、CVE-2025-41237はVMCIにおける整数
@__kokumoto
15 Jul 2025
5114 Impressions
21 Retweets
48 Likes
13 Bookmarks
1 Reply
3 Quotes
Broadcom has released urgent patches for four critical, including CVE-2025-41236 and CVE-2025-41237 (CVSS up to 9.3) VMware vulnerabilities affecting ESXi, Workstation, and Fusion, allowing host code execution. #VMware #Virtualization #Broadcom #Pwn2Own https://t.co/TK1zkMibai
@the_yellow_fall
15 Jul 2025
3496 Impressions
35 Retweets
73 Likes
22 Bookmarks
0 Replies
0 Quotes