AI description
CVE-2025-41237 is an integer underflow vulnerability in the Virtual Machine Communication Interface (VMCI) found in VMware ESXi, Workstation, and Fusion. This vulnerability can lead to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine could exploit this vulnerability to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox, whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
- Description
- VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
- Source
- security@vmware.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.3
- Impact score
- 6
- Exploitability score
- 2.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security@vmware.com
- CWE-787
- Hype score
- Not currently trending
VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin https://t.co/KO82Sd0KdG "These flaws are tracked as CVE-2025-41236, CVE-2025-41237, and CVE-2025-41238." https://t.co/rWZTWhLtnz
@catnap707
17 Jul 2025
183 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239) Classification: Critical Solution: Official Fix Exploit Maturity: Not Defined Issue date: 2025-07-15 CVSSv3 htt
@endi24
16 Jul 2025
893 Impressions
3 Retweets
4 Likes
4 Bookmarks
2 Replies
0 Quotes
⚠️ VMware ESXi & Workstation Vulnerabilities Let Attackers Execute Malicious Code on Host Read more: https://t.co/LIl3CHzuTP 1. VMware patched CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, and CVE-2025-41239 targeting VMXNET3, VMCI, PVSCSI, and vSockets components.
@The_Cyber_News
16 Jul 2025
1237 Impressions
5 Retweets
16 Likes
3 Bookmarks
0 Replies
0 Quotes
ブロードコム社がVMware製品群の重大(Critical)な脆弱性を修正。CVSSスコア9.3が3件で、ESXi、Workstation、Fusionに影響。 https://t.co/scugRcjZt3 CVE-2025-41236はVMXNET3における整数オーバーフロー、CVE-2025-41237はVMCIにおける整数
@__kokumoto
15 Jul 2025
5114 Impressions
21 Retweets
48 Likes
13 Bookmarks
1 Reply
3 Quotes
Broadcom has released urgent patches for four critical, including CVE-2025-41236 and CVE-2025-41237 (CVSS up to 9.3) VMware vulnerabilities affecting ESXi, Workstation, and Fusion, allowing host code execution. #VMware #Virtualization #Broadcom #Pwn2Own https://t.co/TK1zkMibai
@the_yellow_fall
15 Jul 2025
3496 Impressions
35 Retweets
73 Likes
22 Bookmarks
0 Replies
0 Quotes