Integer Underflow in VMware ESXi, Workstation and Fusion Affects Virtual Machine Security
CVE-2025-41237
What is CVE-2025-41237?
VMware ESXi, Workstation, and Fusion are affected by an integer underflow vulnerability within the Virtual Machine Communication Interface (VMCI). This flaw can allow a local attacker with administrative privileges on a virtual machine to perform an out-of-bounds write, potentially leading to arbitrary code execution in the VMX process on the host machine. In the case of ESXi, the impact is confined to the VMX sandbox; however, on Workstation and Fusion, the threat extends to the host system itself. Immediate action is recommended to secure affected installations.
Affected Version(s)
Cloud Foundation 9.0.0.0, 5.x, 4.5.x
ESXi 8.0
ESXi 8.0
News Articles
CybleCSA Issues Critical Alert For VMware Vulnerabilities
Broadcom and CSA warn of critical VMware Vulnerabilities ilties flaws, including CVE-2025-41236 and CVE-2025-41237. Update ESXi, Workstation, and Fusion immediately to stay secure.
3 weeks ago
Security AffairsBroadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025
VMware patched flaws disclosed during the Pwn2Own Berlin 2025 hacking contest, where researchers earned $340,000 for exploiting them.
3 weeks ago
Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025
VMware patched flaws disclosed during the Pwn2Own Berlin 2025 hacking contest, where researchers earned $340,000 for exploiting them.
3 weeks ago
References
CVSS V3.1
Timeline
- 👾
Exploit known to exist
- 📰
First article discovered by Cyber Security Agency of Singapore
Vulnerability published
Vulnerability Reserved