Information Disclosure Vulnerability in VMware ESXi and Workstation Products
CVE-2025-41239

7.1 HIGH

Key Information:

Vendor: VMware
CVE Published: 15 July 2025

Badges

News Worthy

What is CVE-2025-41239?

VMware ESXi, Workstation, Fusion, and VMware Tools are affected by an information disclosure vulnerability caused by the use of uninitialized memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this flaw to leak sensitive memory contents from processes communicating with vSockets. Users are advised to remain vigilant and apply the necessary updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Cloud Foundation 5.x, 4.5.x

ESXi 8.0


News Articles

Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

VMware patched flaws disclosed during the Pwn2Own Berlin 2025 hacking contest, where researchers earned $340,000 for exploiting them.

3 weeks ago



CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • First article discovered by Security Affairs

  • Vulnerability published

  • Vulnerability Reserved
