Information Disclosure Vulnerability in VMware ESXi and Workstation Products
CVE-2025-41239

7.1HIGH

Key Information:

Vendor: Vmware
Status: Esxi; Cloud Foundation; Workstation; Fusion
Vendor: CVE Published:; 15 July 2025

What is CVE-2025-41239?

VMware ESXi, Workstation, Fusion, and VMware Tools are affected by an information disclosure vulnerability stemming from the usage of uninitialized memory in vSockets. This flaw allows a malicious actor with local administrative privileges on a virtual machine to potentially exploit the vulnerability, leading to the leakage of sensitive memory contents from processes interacting with vSockets. Users are advised to remain vigilant and apply necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Cloud Foundation 5.x, 4.5.x

ESXi 8.0

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2025
Vulnerability Reserved
Apr 16, 2025

Vmware

What is CVE-2025-41239?

Affected Version(s)

References

CVSS V3.1

Timeline