Integer Overflow Vulnerability in VMware ESXi, Workstation, and Fusion Products
CVE-2025-41236

9.3 CRITICAL

Key Information:

Vendor: VMware

CVE Published: 15 July 2025

What is CVE-2025-41236?

VMware ESXi, Workstation, and Fusion have an integer overflow vulnerability that a malicious actor with local administrative privileges on a virtual machine using the VMXNET3 virtual network adapter could exploit to execute code on the host system. Non-VMXNET3 virtual adapters are not impacted by this issue, so administrators should assess their network configurations to determine which virtual machines use VMXNET3 and mitigate the associated risk.

Affected Version(s)

Cloud Foundation 5.x, 4.5.x

ESXi 8.0

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
