Denial of Service Vulnerability in VMware ESXi, Workstation, and Fusion
CVE-2025-41227

5.5 MEDIUM

What is CVE-2025-41227?

VMware ESXi, Workstation, and Fusion are affected by a denial-of-service vulnerability caused by certain guest options. An attacker with non-administrative privileges in a guest OS could exploit this vulnerability to exhaust memory in the host process, disrupting service availability and system stability.

Affected Version(s)

VMware Cloud Foundation 5.x, 4.5.x

VMware ESXi 8.0

VMware ESXi 7.0

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
