VMware ESXi and Workstation Vulnerabilities Allow Host-Level Code Execution
gbhackers

Broadcom disclosed four critical vulnerabilities in VMware’s virtualization suite on July 15, 2025, enabling attackers to escape virtual machines and execute code directly on host systems.
The flaws, discovered through the Pwn2Own competition, affect ESXi, Workstation, Fusion, and VMware Tools across enterprise and desktop environments.
Vulnerability Overview
| CVE ID | Component | Vulnerability Type | CVSS Score | Impact |
| --- | --- | --- | --- | --- |
| CVE-2025-41236 | VMXNET3 Virtual NIC | Integer Overflow | 9.3 | Host-level code execution |
| CVE-2025-41237 | VMCI | Integer Underflow | 9.3 | VMX process compromise |
| CVE-2025-41238 | PVSCSI Controller | Heap Overflow | 9.3 | Host-level code execution |
| CVE-2025-41239 | vSockets | Information Disclosure | 7.1 | Memory leak |
The most severe vulnerability, CVE-2025-41236, resides in the VMXNET3 virtual network adapter.
Attackers with administrative privileges inside a guest virtual machine can trigger an integer overflow that allows arbitrary code execution on the underlying host system.
This flaw affects VMware’s most commonly deployed virtual network adapter, making it particularly dangerous for cloud and enterprise environments ...
Copyright of this story solely belongs to gbhackers.