Untrusted Pointer Dereference in VMware ESXi Cloud Driver
CVE-2025-62627

7.2 HIGH

What is CVE-2025-62627?

An untrusted pointer dereference vulnerability (CWE-822) in the cloud driver for VMware ESXi allows an attacker who controls an unprivileged virtual machine (VM) on the host to read sensitive kernel memory or memory belonging to co-located guest VMs. Successful exploitation crosses the isolation boundary between a guest and the hypervisor, resulting in a loss of confidentiality and potentially of availability for the host and the other VMs it runs.
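The bug class described above, as an added example that is not code from the ESXi driver, AMD or VMware: a hypothetical request handler (`vuln_handle`) takes a guest-supplied 64-bit value from a guest-writable descriptor and dereferences it directly as a host pointer, so the guest can aim it at kernel memory or at another guest's buffer; the hardened variant (`safe_handle`) treats the value as an offset into the requesting guest's own region and range-checks it before any memory access. The descriptor layout, buffer names and the constructed "kernel secret" are all assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for host memory (not ESXi data structures):
 * a kernel-only buffer the guest must never read, and one shared
 * buffer per guest that the driver is allowed to copy from. */
#define NGUESTS        2
#define GUEST_BUF_SIZE 64
static const uint8_t kernel_secret[32] = "HOST-KERNEL-SECRET-DO-NOT-LEAK";
static uint8_t guest_shared[NGUESTS][GUEST_BUF_SIZE];

/* A request as it might arrive from guest-writable memory (hypothetical layout). */
struct dma_req {
    uint64_t src;   /* untrusted: the vulnerable handler treats this as a host pointer */
    uint32_t len;
};

/* CWE-822 pattern: the guest-controlled value is dereferenced as-is, so a guest
 * can point it at kernel memory or at another guest's shared buffer. */
int vuln_handle(const struct dma_req *r, uint8_t *out, size_t out_len)
{
    if (r->len > out_len)
        return -1;
    memcpy(out, (const void *)(uintptr_t)r->src, r->len);   /* arbitrary host read */
    return (int)r->len;
}

/* Hardened handler: src is an OFFSET into the requesting guest's own buffer and
 * is range-checked before any dereference; the guest never supplies a pointer. */
int safe_handle(unsigned guest_id, const struct dma_req *r, uint8_t *out, size_t out_len)
{
    if (guest_id >= NGUESTS || r->len > out_len)
        return -1;
    /* Written so src + len cannot wrap: check src first, then the remaining room. */
    if (r->src > GUEST_BUF_SIZE || r->len > GUEST_BUF_SIZE - r->src)
        return -1;
    memcpy(out, guest_shared[guest_id] + r->src, r->len);
    return (int)r->len;
}

/* Returns 1 if the vulnerable handler hands guest 0 the kernel secret. */
int leak_via_vuln(void)
{
    uint8_t out[GUEST_BUF_SIZE] = {0};
    struct dma_req r = { (uint64_t)(uintptr_t)kernel_secret, 18 };
    return vuln_handle(&r, out, sizeof out) == 18 &&
           memcmp(out, "HOST-KERNEL-SECRET", 18) == 0;
}

/* Returns 1 if the vulnerable handler hands guest 0 data from guest 1's buffer. */
int cross_guest_via_vuln(void)
{
    uint8_t out[GUEST_BUF_SIZE] = {0};
    struct dma_req r = { (uint64_t)(uintptr_t)guest_shared[1], 14 };
    memcpy(guest_shared[1], "guest1-private", 14);
    return vuln_handle(&r, out, sizeof out) == 14 &&
           memcmp(out, "guest1-private", 14) == 0;
}

/* Returns 1 if the hardened handler rejects the pointer-shaped request, rejects an
 * offset/len pair that runs past the buffer, and still serves an in-bounds request. */
int hardened_behaviour(void)
{
    uint8_t out[GUEST_BUF_SIZE] = {0};
    struct dma_req ptr_req = { (uint64_t)(uintptr_t)kernel_secret, 18 };
    struct dma_req overrun = { 60, 8 };      /* 60 + 8 > GUEST_BUF_SIZE */
    struct dma_req ok_req  = { 4, 5 };       /* bytes 4..8 of guest 0's buffer */
    memcpy(guest_shared[0], "xxxxhello", 9);
    if (safe_handle(0, &ptr_req, out, sizeof out) != -1) return 0;
    if (safe_handle(0, &overrun, out, sizeof out) != -1) return 0;
    if (safe_handle(0, &ok_req, out, sizeof out) != 5) return 0;
    return memcmp(out, "hello", 5) == 0;
}

int main(void)
{
    printf("vulnerable handler leaks kernel memory: %d\n", leak_via_vuln());
    printf("vulnerable handler leaks other guest:   %d\n", cross_guest_via_vuln());
    printf("hardened handler behaves correctly:     %d\n", hardened_behaviour());
    return 0;
}
```

The fix is not a single added `if`: the safe design changes the interface so that the guest can only name locations inside a region the driver already owns on its behalf, and the bounds check is written as `len > SIZE - src` after checking `src <= SIZE` so that a large offset and length cannot wrap the addition and slip past the test.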

Affected Version(s)

Affected: ESXi 8.x and ESXi 9.x hosts using AMD-Pensando DPU products
Fixed in: ESXi 8.0U3i, included in VCF 5.2.3.0 or 9.0.2 releases

CVSS v4

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: High
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

Reported through the AMD Bug Bounty Program.