Denial of Service Vulnerability in VMware ESXi, Workstation, and Fusion
CVE-2025-41227

5.5MEDIUM

Key Information:

Vendor: VMware
Status: Vmware Esxi; Vmware Cloud Foundation; Vmware Telco Cloud Platform; Vmware Telco Cloud Infrastructure
Vendor: CVE Published:; 20 May 2025

What is CVE-2025-41227?

VMware ESXi, Workstation, and Fusion are affected by a denial-of-service vulnerability resulting from specific guest options. An attacker with non-administrative privileges in a guest OS could potentially exploit this vulnerability, leading to memory exhaustion in the host process. This could disrupt service availability, allowing unauthorized users to impact system stability.

Affected Version(s)

VMware Cloud Foundation 5.x, 4.5.x

VMware ESXi 8.0

VMware ESXi 7.0

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2025
Vulnerability Reserved
Apr 16, 2025