Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-41236 (GCVE-0-2025-41236)
Vulnerability from cvelistv5 – Published: 2025-07-15 18:34 – Updated: 2026-02-26 17:50
VLAI?
EPSS
Title
VMXNET3 integer-overflow vulnerability
Summary
VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.
Severity ?
9.3 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | ESXi |
Affected:
8.0 , < ESXi80U3f-24784735
(custom)
Affected: 8.0 , < ESXi80U2e-24789317 (custom) Affected: 7.0 , < ESXi70U3w-24784741 (custom) |
|
| VMware | Cloud Foundation |
Affected:
5.x, 4.5.x
|
|
| VMware | Workstation |
Affected:
17.x , < 17.6.4
(custom)
|
|
| VMware | Fusion |
Affected:
13.x , ≤ 13.6.4
(custom)
|
|
| VMware | Telco Cloud Platform |
Affected:
5.x, 4.x, 3.x, 2.x
|
|
| VMware | Telco Cloud Infrastructure |
Affected:
3.x, 2.x
|
Date Public ?
2025-07-15 03:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41236",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T03:55:59.335825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:40.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"lessThan": "ESXi80U3f-24784735",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2e-24789317",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3w-24784741",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"lessThan": "17.6.4",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"lessThanOrEqual": "13.6.4",
"status": "affected",
"version": "13.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-07-15T03:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter.\u00a0A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T18:34:12.719Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMXNET3 integer-overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41236",
"datePublished": "2025-07-15T18:34:12.719Z",
"dateReserved": "2025-04-16T09:30:17.798Z",
"dateUpdated": "2026-02-26T17:50:40.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-41236",
"date": "2026-05-25",
"epss": "0.00128",
"percentile": "0.31591"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-41236\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2025-07-15T19:15:21.303\",\"lastModified\":\"2025-07-15T20:07:28.023\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter.\u00a0A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.\"},{\"lang\":\"es\",\"value\":\"VMware ESXi, Workstation y Fusion presentan una vulnerabilidad de desbordamiento de enteros en el adaptador de red virtual VMXNET3. Un agente malicioso con privilegios de administrador local en una m\u00e1quina virtual con un adaptador de red virtual VMXNET3 podr\u00eda aprovechar este problema para ejecutar c\u00f3digo en el host. Los adaptadores virtuales que no sean VMXNET3 no se ven afectados por este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"references\":[{\"url\":\"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877\",\"source\":\"security@vmware.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-41236\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-16T03:55:59.335825Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-15T20:45:34.233Z\"}}], \"cna\": {\"title\": \"VMXNET3 integer-overflow vulnerability\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"VMware\", \"product\": \"ESXi\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"ESXi80U3f-24784735\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"ESXi80U2e-24789317\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"lessThan\": \"ESXi70U3w-24784741\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"VMware\", \"product\": \"Cloud Foundation\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.x, 4.5.x\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"VMware\", \"product\": \"Workstation\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.x\", \"lessThan\": \"17.6.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"VMware\", \"product\": \"Fusion\", \"versions\": [{\"status\": \"affected\", \"version\": \"13.x\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"13.6.4\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"VMware\", \"product\": \"Telco Cloud Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.x, 4.x, 3.x, 2.x\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"VMware\", \"product\": \"Telco Cloud Infrastructure\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.x, 2.x\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-07-15T03:30:00.000Z\", \"references\": [{\"url\": \"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter.\\u00a0A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eVMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter.\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2025-07-15T18:34:12.719Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-41236\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T17:50:40.035Z\", \"dateReserved\": \"2025-04-16T09:30:17.798Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2025-07-15T18:34:12.719Z\", \"assignerShortName\": \"vmware\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
BDU:2025-08590
Vulnerability from fstec - Published: 15.07.2025
VLAI Severity ?
Title
Уязвимость виртуального сетевого адаптера VMXNET3 программных продуктов VMware ESXi, Workstation, Fusion, Cloud Foundation, связанная с записью за границами буфера, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость виртуального сетевого адаптера VMXNET3 программных продуктов VMware ESXi, Workstation, Fusion, Cloud Foundation связана с записью за границами буфера. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код
Severity ?
Vendor
VMware Inc.
Software Name
VMware ESXi, VMWare Workstation, VMware Fusion, VMware Cloud Foundation, VMware Telco Cloud Platform, VMware Telco Cloud Infrastructure
Software Version
до ESXi80U3f-24784735 (VMware ESXi), до ESXi80U2e-24789317 (VMware ESXi), до ESXi70U3w-24784741 (VMware ESXi), до 17.6.4 (VMWare Workstation), до 13.6.4 (VMware Fusion), до ESXi80U3f-24784735 (VMware Cloud Foundation), до ESXi70U3w-24784741 (VMware Cloud Foundation), до ESXi80U3f-24784735 (VMware Telco Cloud Platform), до ESXi70U3w-24784741 (VMware Telco Cloud Platform), до ESXi70U3w-24784741 (VMware Telco Cloud Infrastructure)
Possible Mitigations
Использование рекомендаций производителя:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877
Reference
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877
CWE
CWE-787
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "VMware Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e ESXi80U3f-24784735 (VMware ESXi), \u0434\u043e ESXi80U2e-24789317 (VMware ESXi), \u0434\u043e ESXi70U3w-24784741 (VMware ESXi), \u0434\u043e 17.6.4 (VMWare Workstation), \u0434\u043e 13.6.4 (VMware Fusion), \u0434\u043e ESXi80U3f-24784735 (VMware Cloud Foundation), \u0434\u043e ESXi70U3w-24784741 (VMware Cloud Foundation), \u0434\u043e ESXi80U3f-24784735 (VMware Telco Cloud Platform), \u0434\u043e ESXi70U3w-24784741 (VMware Telco Cloud Platform), \u0434\u043e ESXi70U3w-24784741 (VMware Telco Cloud Infrastructure)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.07.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08590",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-41236",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "VMware ESXi, VMWare Workstation, VMware Fusion, VMware Cloud Foundation, VMware Telco Cloud Platform, VMware Telco Cloud Infrastructure",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0430\u0434\u0430\u043f\u0442\u0435\u0440\u0430 VMXNET3 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 VMware ESXi, Workstation, Fusion, Cloud Foundation, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0430\u0434\u0430\u043f\u0442\u0435\u0440\u0430 VMXNET3 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 VMware ESXi, Workstation, Fusion, Cloud Foundation \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)"
}
CERTFR-2025-AVI-0592
Vulnerability from certfr_avis - Published: 2025-07-16 - Updated: 2025-07-16
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 3.x et 2.x sans le correctif ESXi70U3w-24784741 | ||
| VMware | Cloud Foundation | Cloud Foundation et vSphere Foundation versions 9.0.0.0 sans le correctif ESXi-9.0.0.0100-24813472 | ||
| VMware | Fusion | Fusion versions 13.x antérieures à 13.6.4 | ||
| VMware | Telco Cloud Platform | Telco Cloud Platform versions 3.x et 2.x sans le correctif ESXi70U3w-24784741 | ||
| VMware | Cloud Foundation | Cloud Foundation versions 5.x sans le correctif ESXi80U3f-24784735 | ||
| VMware | Workstation | Worstation versions 17.x antérieures à 17.6.4 | ||
| VMware | VMware Tools | VMware Tools versions 13.x.x antérieures à 13.0.1.0 pour Windows | ||
| VMware | ESXi | ESXI versions 7.0 sans le correctif ESXi70U3w-24784741 | ||
| VMware | VMware Tools | VMware Tools versions antérieures à 12.5.3 pour Windows | ||
| VMware | Cloud Foundation | Cloud Foundation versions 4.5.x sans le correctif ESXi70U3w-24784741 | ||
| VMware | ESXi | ESXI versions 8.0 sans les correctifs ESXi80U3f-24784735 et ESXi80U2e-24789317 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Telco Cloud Infrastructure versions 3.x et 2.x sans le correctif ESXi70U3w-24784741",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation et vSphere Foundation versions 9.0.0.0 sans le correctif ESXi-9.0.0.0100-24813472",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Fusion versions 13.x ant\u00e9rieures \u00e0 13.6.4",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Platform versions 3.x et 2.x sans le correctif ESXi70U3w-24784741",
"product": {
"name": "Telco Cloud Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 5.x sans le correctif ESXi80U3f-24784735",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Worstation versions 17.x ant\u00e9rieures \u00e0 17.6.4",
"product": {
"name": "Workstation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tools versions 13.x.x ant\u00e9rieures \u00e0 13.0.1.0 pour Windows",
"product": {
"name": "VMware Tools",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXI versions 7.0 sans le correctif ESXi70U3w-24784741",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tools versions ant\u00e9rieures \u00e0 12.5.3 pour Windows",
"product": {
"name": "VMware Tools",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 4.5.x sans le correctif ESXi70U3w-24784741",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXI versions 8.0 sans les correctifs ESXi80U3f-24784735 et ESXi80U2e-24789317",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-41236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41236"
},
{
"name": "CVE-2025-41237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41237"
},
{
"name": "CVE-2025-41238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41238"
},
{
"name": "CVE-2025-41239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41239"
}
],
"initial_release_date": "2025-07-16T00:00:00",
"last_revision_date": "2025-07-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0592",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35877",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
}
]
}
CNVD-2025-18541
Vulnerability from cnvd - Published: 2025-08-15
VLAI Severity ?
Title
多款VMWare产品整数溢出漏洞
Description
VMWare ESXi等都是美国威睿(VMWare)公司的产品。VMWare ESXi是VMWare公司开发的一款企业级Type-1虚拟化管理程序(Hypervisor),可直接安装在物理服务器硬件上运行,无需依赖底层操作系统,用于高效创建和管理虚拟机。VMWare Workstation是一款由VMware公司开发的桌面虚拟化软件,允许用户在一台物理计算机上同时运行多个操作系统。VMWare Fusion是VMware为Macintosh计算机开发的虚拟机管理程序,支持在Mac上运行Windows、 Linux等操作系统。
多款VMWare产品存在整数溢出漏洞,该漏洞源于VMXNET3虚拟网络适配器存在整数溢出,攻击者可利用该漏洞导致执行任意代码、权限提升、数据中心横向移动、数据泄露。
Severity
高
Patch Name
多款VMWare产品整数溢出漏洞的补丁
Patch Description
VMWare ESXi等都是美国威睿(VMWare)公司的产品。VMWare ESXi是VMWare公司开发的一款企业级Type-1虚拟化管理程序(Hypervisor),可直接安装在物理服务器硬件上运行,无需依赖底层操作系统,用于高效创建和管理虚拟机。VMWare Workstation是一款由VMware公司开发的桌面虚拟化软件,允许用户在一台物理计算机上同时运行多个操作系统。VMWare Fusion是VMware为Macintosh计算机开发的虚拟机管理程序,支持在Mac上运行Windows、 Linux等操作系统。
多款VMWare产品存在整数溢出漏洞,该漏洞源于VMXNET3虚拟网络适配器存在整数溢出,攻击者可利用该漏洞导致执行任意代码、权限提升、数据中心横向移动、数据泄露。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级程序修复该安全问题,详情见厂商官网: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-41236
Impacted products
| Name | ['VMWare ESXi 7.0', 'VMWare ESXi 8.0', 'VMWare Cloud Foundation 5.*', 'VMWare Cloud Foundation 4.5.*', 'VMWare Telco Cloud Platform 5.*', 'VMWare Telco Cloud Platform 4.*', 'VMWare Telco Cloud Platform 3.*', 'VMWare Telco Cloud Platform 2.*', 'VMWare Telco Cloud Infrastructure 3.*', 'VMWare Telco Cloud Infrastructure 2.*', 'VMWare Workstation 17.*', 'VMWare Fusion 13.*', 'VMWare Cloud Foundation ESX 9.0.0.0', 'VMWare vSphere Foundation ESX 9.0.0.0'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-41236",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-41236"
}
},
"description": "VMWare ESXi\u7b49\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMWare\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002VMWare ESXi\u200c\u662fVMWare\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3e\u4f01\u4e1a\u7ea7Type-1\u865a\u62df\u5316\u7ba1\u7406\u7a0b\u5e8f\uff08Hypervisor\uff09\uff0c\u53ef\u76f4\u63a5\u5b89\u88c5\u5728\u7269\u7406\u670d\u52a1\u5668\u786c\u4ef6\u4e0a\u8fd0\u884c\uff0c\u65e0\u9700\u4f9d\u8d56\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\uff0c\u7528\u4e8e\u9ad8\u6548\u521b\u5efa\u548c\u7ba1\u7406\u865a\u62df\u673a\u3002VMWare Workstation\u662f\u4e00\u6b3e\u7531VMware\u516c\u53f8\u5f00\u53d1\u7684\u684c\u9762\u865a\u62df\u5316\u8f6f\u4ef6\uff0c\u5141\u8bb8\u7528\u6237\u5728\u4e00\u53f0\u7269\u7406\u8ba1\u7b97\u673a\u4e0a\u540c\u65f6\u8fd0\u884c\u591a\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002VMWare Fusion\u662fVMware\u4e3aMacintosh\u8ba1\u7b97\u673a\u5f00\u53d1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u652f\u6301\u5728Mac\u4e0a\u8fd0\u884cWindows\u3001 Linux\u7b49\u64cd\u4f5c\u7cfb\u7edf\u3002 \n\n\u591a\u6b3eVMWare\u4ea7\u54c1\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eVMXNET3\u865a\u62df\u7f51\u7edc\u9002\u914d\u5668\u5b58\u5728\u6574\u6570\u6ea2\u51fa\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3001\u6743\u9650\u63d0\u5347\u3001\u6570\u636e\u4e2d\u5fc3\u6a2a\u5411\u79fb\u52a8\u3001\u6570\u636e\u6cc4\u9732\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-18541",
"openTime": "2025-08-15",
"patchDescription": "VMWare ESXi\u7b49\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMWare\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002VMWare ESXi\u200c\u662fVMWare\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3e\u4f01\u4e1a\u7ea7Type-1\u865a\u62df\u5316\u7ba1\u7406\u7a0b\u5e8f\uff08Hypervisor\uff09\uff0c\u53ef\u76f4\u63a5\u5b89\u88c5\u5728\u7269\u7406\u670d\u52a1\u5668\u786c\u4ef6\u4e0a\u8fd0\u884c\uff0c\u65e0\u9700\u4f9d\u8d56\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\uff0c\u7528\u4e8e\u9ad8\u6548\u521b\u5efa\u548c\u7ba1\u7406\u865a\u62df\u673a\u3002VMWare Workstation\u662f\u4e00\u6b3e\u7531VMware\u516c\u53f8\u5f00\u53d1\u7684\u684c\u9762\u865a\u62df\u5316\u8f6f\u4ef6\uff0c\u5141\u8bb8\u7528\u6237\u5728\u4e00\u53f0\u7269\u7406\u8ba1\u7b97\u673a\u4e0a\u540c\u65f6\u8fd0\u884c\u591a\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002VMWare Fusion\u662fVMware\u4e3aMacintosh\u8ba1\u7b97\u673a\u5f00\u53d1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u652f\u6301\u5728Mac\u4e0a\u8fd0\u884cWindows\u3001 Linux\u7b49\u64cd\u4f5c\u7cfb\u7edf\u3002 \r\n\r\n\u591a\u6b3eVMWare\u4ea7\u54c1\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eVMXNET3\u865a\u62df\u7f51\u7edc\u9002\u914d\u5668\u5b58\u5728\u6574\u6570\u6ea2\u51fa\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3001\u6743\u9650\u63d0\u5347\u3001\u6570\u636e\u4e2d\u5fc3\u6a2a\u5411\u79fb\u52a8\u3001\u6570\u636e\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eVMWare\u4ea7\u54c1\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"VMWare ESXi 7.0",
"VMWare ESXi 8.0",
"VMWare Cloud Foundation 5.*",
"VMWare Cloud Foundation 4.5.*",
"VMWare Telco Cloud Platform 5.*",
"VMWare Telco Cloud Platform 4.*",
"VMWare Telco Cloud Platform 3.*",
"VMWare Telco Cloud Platform 2.*",
"VMWare Telco Cloud Infrastructure 3.*",
"VMWare Telco Cloud Infrastructure 2.*",
"VMWare Workstation 17.*",
"VMWare Fusion 13.*",
"VMWare Cloud Foundation ESX 9.0.0.0",
"VMWare vSphere Foundation ESX 9.0.0.0"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-41236",
"serverity": "\u9ad8",
"submitTime": "2025-07-30",
"title": "\u591a\u6b3eVMWare\u4ea7\u54c1\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}
FKIE_CVE-2025-41236
Vulnerability from fkie_nvd - Published: 2025-07-15 19:15 - Updated: 2026-04-15 00:35
Severity ?
Summary
VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter.\u00a0A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue."
},
{
"lang": "es",
"value": "VMware ESXi, Workstation y Fusion presentan una vulnerabilidad de desbordamiento de enteros en el adaptador de red virtual VMXNET3. Un agente malicioso con privilegios de administrador local en una m\u00e1quina virtual con un adaptador de red virtual VMXNET3 podr\u00eda aprovechar este problema para ejecutar c\u00f3digo en el host. Los adaptadores virtuales que no sean VMXNET3 no se ven afectados por este problema."
}
],
"id": "CVE-2025-41236",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0,
"source": "security@vmware.com",
"type": "Secondary"
}
]
},
"published": "2025-07-15T19:15:21.303",
"references": [
{
"source": "security@vmware.com",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security@vmware.com",
"type": "Secondary"
}
]
}
GHSA-VVJV-89CJ-78FR
Vulnerability from github – Published: 2025-07-15 21:31 – Updated: 2025-07-15 21:31
VLAI?
Details
VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.
Severity ?
9.3 (Critical)
{
"affected": [],
"aliases": [
"CVE-2025-41236"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-15T19:15:21Z",
"severity": "CRITICAL"
},
"details": "VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter.\u00a0A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.",
"id": "GHSA-vvjv-89cj-78fr",
"modified": "2025-07-15T21:31:39Z",
"published": "2025-07-15T21:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41236"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
ICSA-25-212-02
Vulnerability from csaf_cisa - Published: 2025-07-31 06:00 - Updated: 2025-07-31 06:00Summary
Rockwell Automation Lifecycle Services with VMware
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could lead to code execution on the host or leakage of memory from processes communicating with vSockets.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.
9.3 (Critical)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Rockwell Automation Industrial Data Center (IDC) with VMware: >=Generations_1|<=4
Rockwell Automation / Industrial Data Center (IDC) with VMware
|
>=Generations_1|<=4 |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation VersaVirtual Appliance (VVA) with VMware Series: A and B
Rockwell Automation / VersaVirtual Appliance (VVA) with VMware
|
A|B |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation Threat Detection Managed Services (TDMS) with VMware: vers:all/*
Rockwell Automation / Threat Detection Managed Services (TDMS) with VMware
|
vers:all/* |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation Endpoint Protection Service with Rockwell Automation Proxy & VMware only: vers:all/*
Rockwell Automation / Endpoint Protection Service with Rockwell Automation Proxy & VMware only
|
vers:all/* |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation Engineered and Integrated Solutions with VMware: vers:all/*
Rockwell Automation / Engineered and Integrated Solutions with VMware
|
vers:all/* |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
9.3 (Critical)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Rockwell Automation Industrial Data Center (IDC) with VMware: >=Generations_1|<=4
Rockwell Automation / Industrial Data Center (IDC) with VMware
|
>=Generations_1|<=4 |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation VersaVirtual Appliance (VVA) with VMware Series: A and B
Rockwell Automation / VersaVirtual Appliance (VVA) with VMware
|
A|B |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation Threat Detection Managed Services (TDMS) with VMware: vers:all/*
Rockwell Automation / Threat Detection Managed Services (TDMS) with VMware
|
vers:all/* |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation Endpoint Protection Service with Rockwell Automation Proxy & VMware only: vers:all/*
Rockwell Automation / Endpoint Protection Service with Rockwell Automation Proxy & VMware only
|
vers:all/* |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation Engineered and Integrated Solutions with VMware: vers:all/*
Rockwell Automation / Engineered and Integrated Solutions with VMware
|
vers:all/* |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
9.3 (Critical)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Rockwell Automation Industrial Data Center (IDC) with VMware: >=Generations_1|<=4
Rockwell Automation / Industrial Data Center (IDC) with VMware
|
>=Generations_1|<=4 |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation VersaVirtual Appliance (VVA) with VMware Series: A and B
Rockwell Automation / VersaVirtual Appliance (VVA) with VMware
|
A|B |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation Threat Detection Managed Services (TDMS) with VMware: vers:all/*
Rockwell Automation / Threat Detection Managed Services (TDMS) with VMware
|
vers:all/* |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation Endpoint Protection Service with Rockwell Automation Proxy & VMware only: vers:all/*
Rockwell Automation / Endpoint Protection Service with Rockwell Automation Proxy & VMware only
|
vers:all/* |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation Engineered and Integrated Solutions with VMware: vers:all/*
Rockwell Automation / Engineered and Integrated Solutions with VMware
|
vers:all/* |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.1 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Rockwell Automation Industrial Data Center (IDC) with VMware: >=Generations_1|<=4
Rockwell Automation / Industrial Data Center (IDC) with VMware
|
>=Generations_1|<=4 |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation VersaVirtual Appliance (VVA) with VMware Series: A and B
Rockwell Automation / VersaVirtual Appliance (VVA) with VMware
|
A|B |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation Threat Detection Managed Services (TDMS) with VMware: vers:all/*
Rockwell Automation / Threat Detection Managed Services (TDMS) with VMware
|
vers:all/* |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation Endpoint Protection Service with Rockwell Automation Proxy & VMware only: vers:all/*
Rockwell Automation / Endpoint Protection Service with Rockwell Automation Proxy & VMware only
|
vers:all/* |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Rockwell Automation Engineered and Integrated Solutions with VMware: vers:all/*
Rockwell Automation / Engineered and Integrated Solutions with VMware
|
vers:all/* |
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
References
18 references
Acknowledgments
Rockwell Automation
{
"document": {
"acknowledgments": [
{
"organization": "Rockwell Automation",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could lead to code execution on the host or leakage of memory from processes communicating with vSockets.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-25-212-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-212-02.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-25-212-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
}
],
"title": "Rockwell Automation Lifecycle Services with VMware",
"tracking": {
"current_release_date": "2025-07-31T06:00:00.000000Z",
"generator": {
"date": "2025-07-31T19:36:07.236717Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-212-02",
"initial_release_date": "2025-07-31T06:00:00.000000Z",
"revision_history": [
{
"date": "2025-07-31T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=Generations_1|\u003c=4",
"product": {
"name": "Rockwell Automation Industrial Data Center (IDC) with VMware: \u003e=Generations_1|\u003c=4",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Industrial Data Center (IDC) with VMware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "A|B",
"product": {
"name": "Rockwell Automation VersaVirtual Appliance (VVA) with VMware Series: A and B",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "VersaVirtual Appliance (VVA) with VMware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Rockwell Automation Threat Detection Managed Services (TDMS) with VMware: vers:all/*",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Threat Detection Managed Services (TDMS) with VMware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Rockwell Automation Endpoint Protection Service with Rockwell Automation Proxy \u0026 VMware only: vers:all/*",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Endpoint Protection Service with Rockwell Automation Proxy \u0026 VMware only"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Rockwell Automation Engineered and Integrated Solutions with VMware: vers:all/*",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Engineered and Integrated Solutions with VMware"
}
],
"category": "vendor",
"name": "Rockwell Automation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-41236",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An integer-overflow vulnerability exists in the VMXNET3 virtual network adapter used in VMware ESXi, Workstation, and Fusion. Exploitation of this vulnerability can lead to code execution on the host.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41236"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation will contact impacted users with an active Rockwell Automation Infrastructure Managed Service contract or Threat Detection Managed Service contract to discuss actions needed for remediation efforts.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Rockwell recommends users without Rockwell Automation managed services contract to refer to Broadcom\u0027s advisories below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Support Content Notification - Support Portal - Broadcom support portal",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
},
{
"category": "mitigation",
"details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html"
},
{
"category": "mitigation",
"details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html"
},
{
"category": "mitigation",
"details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html"
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users of the affected software who are not able to upgrade to one of the corrected versions to apply security best practices where possible.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "For more information refer to Rockwell Automation\u0027s security advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2025-41237",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An integer-underflow vulnerability exists in the Virtual Machine Communication Interface (VMCI) of VMware ESXi, Workstation, and Fusion, which can lead to an out-of-bounds write. Exploitation of this vulnerability can lead to code execution on the host. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41237"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation will contact impacted users with an active Rockwell Automation Infrastructure Managed Service contract or Threat Detection Managed Service contract to discuss actions needed for remediation efforts.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Rockwell recommends users without Rockwell Automation managed services contract to refer to Broadcom\u0027s advisories below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Support Content Notification - Support Portal - Broadcom support portal",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
},
{
"category": "mitigation",
"details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html"
},
{
"category": "mitigation",
"details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html"
},
{
"category": "mitigation",
"details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html"
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users of the affected software who are not able to upgrade to one of the corrected versions to apply security best practices where possible.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "For more information refer to Rockwell Automation\u0027s security advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2025-41238",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A heap-overflow vulnerability exists in the Paravirtualized SCSI (PVSCSI) controller of VMware ESXi, Workstation, and Fusion, which can lead to an out-of-bounds write. Exploitation of this vulnerability can lead to code execution on the host. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41238"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation will contact impacted users with an active Rockwell Automation Infrastructure Managed Service contract or Threat Detection Managed Service contract to discuss actions needed for remediation efforts.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Rockwell recommends users without Rockwell Automation managed services contract to refer to Broadcom\u0027s advisories below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Support Content Notification - Support Portal - Broadcom support portal",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
},
{
"category": "mitigation",
"details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html"
},
{
"category": "mitigation",
"details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html"
},
{
"category": "mitigation",
"details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html"
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users of the affected software who are not able to upgrade to one of the corrected versions to apply security best practices where possible.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "For more information refer to Rockwell Automation\u0027s security advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2025-41239",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "An information disclosure vulnerability exists in vSockets due to the use of uninitialized memory in VMware ESXi, Workstation, Fusion, and VMware Tools. Exploitation of this vulnerability can result in the leakage of memory from processes communicating with vSockets.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41239"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation will contact impacted users with an active Rockwell Automation Infrastructure Managed Service contract or Threat Detection Managed Service contract to discuss actions needed for remediation efforts.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Rockwell recommends users without Rockwell Automation managed services contract to refer to Broadcom\u0027s advisories below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Support Content Notification - Support Portal - Broadcom support portal",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
},
{
"category": "mitigation",
"details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html"
},
{
"category": "mitigation",
"details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html"
},
{
"category": "mitigation",
"details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html"
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users of the affected software who are not able to upgrade to one of the corrected versions to apply security best practices where possible.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "For more information refer to Rockwell Automation\u0027s security advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
}
]
}
WID-SEC-W-2025-1576
Vulnerability from csaf_certbund - Published: 2025-07-15 22:00 - Updated: 2025-07-16 22:00Summary
VMware Produkte: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die Virtualisierungssoftware von VMware ermöglicht die simultane Ausführung von verschiedenen Betriebssystemen auf einem Host-System.
VMware Tools sind Applikationen und Treiber, mit denen die Gast-Betriebssysteme in einer virtuellen Maschine unter VMware zusätzliche Funktionalitäten erhalten.
Die Virtualisierungssoftware von VMware ermöglicht die simultane Ausführung von verschiedenen Betriebssystemen auf einem Host-System.
VMware Cloud Foundation ist eine Hybrid Cloud-Plattform für VM-Management und Container-Orchestrierung.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in VMware vSphere, VMware Tools, VMware ESXi, VMware Workstation, VMware Fusion und VMware Cloud Foundation ausnutzen, um beliebigen Programmcode auszuführen und vertrauliche Informationen preiszugeben.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
VMware vSphere Foundation ESX <ESXi-9.0.0.0100-24813472
VMware / vSphere
|
Foundation ESX <ESXi-9.0.0.0100-24813472 | ||
|
VMware ESXi <ESXi80U2e-24789317
VMware / ESXi
|
<ESXi80U2e-24789317 | ||
|
VMware ESXi <ESXi80U3f-24784735
VMware / ESXi
|
<ESXi80U3f-24784735 | ||
|
VMware ESXi <ESXi70U3w-24784741
VMware / ESXi
|
<ESXi70U3w-24784741 | ||
|
VMware Fusion <13.6.4
VMware / Fusion
|
<13.6.4 | ||
|
VMware Workstation <17.6.4
VMware / Workstation
|
<17.6.4 | ||
|
VMware Cloud Foundation <ESXi70U3w-24784741
VMware / Cloud Foundation
|
<ESXi70U3w-24784741 | ||
|
VMware Cloud Foundation <ESXi80U3f-24784735
VMware / Cloud Foundation
|
<ESXi80U3f-24784735 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
VMware vSphere Foundation ESX <ESXi-9.0.0.0100-24813472
VMware / vSphere
|
Foundation ESX <ESXi-9.0.0.0100-24813472 | ||
|
VMware ESXi <ESXi80U2e-24789317
VMware / ESXi
|
<ESXi80U2e-24789317 | ||
|
VMware ESXi <ESXi80U3f-24784735
VMware / ESXi
|
<ESXi80U3f-24784735 | ||
|
VMware ESXi <ESXi70U3w-24784741
VMware / ESXi
|
<ESXi70U3w-24784741 | ||
|
VMware Fusion <13.6.4
VMware / Fusion
|
<13.6.4 | ||
|
VMware Workstation <17.6.4
VMware / Workstation
|
<17.6.4 | ||
|
VMware Cloud Foundation <ESXi70U3w-24784741
VMware / Cloud Foundation
|
<ESXi70U3w-24784741 | ||
|
VMware Cloud Foundation <ESXi80U3f-24784735
VMware / Cloud Foundation
|
<ESXi80U3f-24784735 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
VMware vSphere Foundation ESX <ESXi-9.0.0.0100-24813472
VMware / vSphere
|
Foundation ESX <ESXi-9.0.0.0100-24813472 | ||
|
VMware ESXi <ESXi80U2e-24789317
VMware / ESXi
|
<ESXi80U2e-24789317 | ||
|
VMware ESXi <ESXi80U3f-24784735
VMware / ESXi
|
<ESXi80U3f-24784735 | ||
|
VMware ESXi <ESXi70U3w-24784741
VMware / ESXi
|
<ESXi70U3w-24784741 | ||
|
VMware Fusion <13.6.4
VMware / Fusion
|
<13.6.4 | ||
|
VMware Workstation <17.6.4
VMware / Workstation
|
<17.6.4 | ||
|
VMware Cloud Foundation <ESXi70U3w-24784741
VMware / Cloud Foundation
|
<ESXi70U3w-24784741 | ||
|
VMware Cloud Foundation <ESXi80U3f-24784735
VMware / Cloud Foundation
|
<ESXi80U3f-24784735 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
VMware Tools Windows <12.5.3
VMware / Tools
|
Windows <12.5.3 | ||
|
VMware Tools Windows <13.0.1.0
VMware / Tools
|
Windows <13.0.1.0 | ||
|
VMware vSphere Foundation ESX <ESXi-9.0.0.0100-24813472
VMware / vSphere
|
Foundation ESX <ESXi-9.0.0.0100-24813472 | ||
|
VMware ESXi <ESXi80U2e-24789317
VMware / ESXi
|
<ESXi80U2e-24789317 | ||
|
VMware ESXi <ESXi80U3f-24784735
VMware / ESXi
|
<ESXi80U3f-24784735 | ||
|
VMware ESXi <ESXi70U3w-24784741
VMware / ESXi
|
<ESXi70U3w-24784741 | ||
|
VMware Fusion <13.6.4
VMware / Fusion
|
<13.6.4 | ||
|
VMware Workstation <17.6.4
VMware / Workstation
|
<17.6.4 | ||
|
VMware Cloud Foundation <ESXi70U3w-24784741
VMware / Cloud Foundation
|
<ESXi70U3w-24784741 | ||
|
VMware Cloud Foundation <ESXi80U3f-24784735
VMware / Cloud Foundation
|
<ESXi80U3f-24784735 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Virtualisierungssoftware von VMware erm\u00f6glicht die simultane Ausf\u00fchrung von verschiedenen Betriebssystemen auf einem Host-System.\r\n\r\nVMware Tools sind Applikationen und Treiber, mit denen die Gast-Betriebssysteme in einer virtuellen Maschine unter VMware zus\u00e4tzliche Funktionalit\u00e4ten erhalten.\r\nDie Virtualisierungssoftware von VMware erm\u00f6glicht die simultane Ausf\u00fchrung von verschiedenen Betriebssystemen auf einem Host-System.\r\nVMware Cloud Foundation ist eine Hybrid Cloud-Plattform f\u00fcr VM-Management und Container-Orchestrierung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in VMware vSphere, VMware Tools, VMware ESXi, VMware Workstation, VMware Fusion und VMware Cloud Foundation ausnutzen, um beliebigen Programmcode auszuf\u00fchren und vertrauliche Informationen preiszugeben.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1576 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1576.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1576 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1576"
},
{
"category": "external",
"summary": "VMware Security Advisory vom 2025-07-15",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
},
{
"category": "external",
"summary": "VMSA-2025-0013: Questions \u0026 Answers",
"url": "https://github.com/vmware/vcf-security-and-compliance-guidelines/tree/main/security-advisories/vmsa-2025-0013"
}
],
"source_lang": "en-US",
"title": "VMware Produkte: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-07-16T22:00:00.000+00:00",
"generator": {
"date": "2025-07-17T10:17:00.430+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1576",
"initial_release_date": "2025-07-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-07-16T22:00:00.000+00:00",
"number": "2",
"summary": "Weitere Informationen von VMware aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cESXi80U3f-24784735",
"product": {
"name": "VMware Cloud Foundation \u003cESXi80U3f-24784735",
"product_id": "T045443"
}
},
{
"category": "product_version",
"name": "ESXi80U3f-24784735",
"product": {
"name": "VMware Cloud Foundation ESXi80U3f-24784735",
"product_id": "T045443-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:cloud_foundation:esxi80u3f-24784735"
}
}
},
{
"category": "product_version_range",
"name": "\u003cESXi70U3w-24784741",
"product": {
"name": "VMware Cloud Foundation \u003cESXi70U3w-24784741",
"product_id": "T045444"
}
},
{
"category": "product_version",
"name": "ESXi70U3w-24784741",
"product": {
"name": "VMware Cloud Foundation ESXi70U3w-24784741",
"product_id": "T045444-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:cloud_foundation:esxi70u3w-24784741"
}
}
}
],
"category": "product_name",
"name": "Cloud Foundation"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cESXi80U3f-24784735",
"product": {
"name": "VMware ESXi \u003cESXi80U3f-24784735",
"product_id": "T045438"
}
},
{
"category": "product_version",
"name": "ESXi80U3f-24784735",
"product": {
"name": "VMware ESXi ESXi80U3f-24784735",
"product_id": "T045438-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:vmware:esxi:esxi80u3f-24784735"
}
}
},
{
"category": "product_version_range",
"name": "\u003cESXi80U2e-24789317",
"product": {
"name": "VMware ESXi \u003cESXi80U2e-24789317",
"product_id": "T045439"
}
},
{
"category": "product_version",
"name": "ESXi80U2e-24789317",
"product": {
"name": "VMware ESXi ESXi80U2e-24789317",
"product_id": "T045439-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:vmware:esxi:esxi80u2e-24789317"
}
}
},
{
"category": "product_version_range",
"name": "\u003cESXi70U3w-24784741",
"product": {
"name": "VMware ESXi \u003cESXi70U3w-24784741",
"product_id": "T045440"
}
},
{
"category": "product_version",
"name": "ESXi70U3w-24784741",
"product": {
"name": "VMware ESXi ESXi70U3w-24784741",
"product_id": "T045440-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:vmware:esxi:esxi70u3w-24784741"
}
}
}
],
"category": "product_name",
"name": "ESXi"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c13.6.4",
"product": {
"name": "VMware Fusion \u003c13.6.4",
"product_id": "T045442"
}
},
{
"category": "product_version",
"name": "13.6.4",
"product": {
"name": "VMware Fusion 13.6.4",
"product_id": "T045442-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:fusion:13.6.4"
}
}
}
],
"category": "product_name",
"name": "Fusion"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Windows \u003c13.0.1.0",
"product": {
"name": "VMware Tools Windows \u003c13.0.1.0",
"product_id": "T045437"
}
},
{
"category": "product_version",
"name": "Windows 13.0.1.0",
"product": {
"name": "VMware Tools Windows 13.0.1.0",
"product_id": "T045437-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:tools:windows__13.0.1.0"
}
}
},
{
"category": "product_version_range",
"name": "Windows \u003c12.5.3",
"product": {
"name": "VMware Tools Windows \u003c12.5.3",
"product_id": "T045446"
}
},
{
"category": "product_version",
"name": "Windows 12.5.3",
"product": {
"name": "VMware Tools Windows 12.5.3",
"product_id": "T045446-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:tools:windows___12.5.3"
}
}
}
],
"category": "product_name",
"name": "Tools"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c17.6.4",
"product": {
"name": "VMware Workstation \u003c17.6.4",
"product_id": "T045441"
}
},
{
"category": "product_version",
"name": "17.6.4",
"product": {
"name": "VMware Workstation 17.6.4",
"product_id": "T045441-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:workstation:17.6.4"
}
}
}
],
"category": "product_name",
"name": "Workstation"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Foundation ESX \u003cESXi-9.0.0.0100-24813472",
"product": {
"name": "VMware vSphere Foundation ESX \u003cESXi-9.0.0.0100-24813472",
"product_id": "T045436"
}
},
{
"category": "product_version",
"name": "Foundation ESX ESXi-9.0.0.0100-24813472",
"product": {
"name": "VMware vSphere Foundation ESX ESXi-9.0.0.0100-24813472",
"product_id": "T045436-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vmware:vsphere:foundation_esx__esxi-9.0.0.0100-24813472"
}
}
}
],
"category": "product_name",
"name": "vSphere"
}
],
"category": "vendor",
"name": "VMware"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-41236",
"product_status": {
"known_affected": [
"T045436",
"T045439",
"T045438",
"T045440",
"T045442",
"T045441",
"T045444",
"T045443"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-41236"
},
{
"cve": "CVE-2025-41237",
"product_status": {
"known_affected": [
"T045436",
"T045439",
"T045438",
"T045440",
"T045442",
"T045441",
"T045444",
"T045443"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-41237"
},
{
"cve": "CVE-2025-41238",
"product_status": {
"known_affected": [
"T045436",
"T045439",
"T045438",
"T045440",
"T045442",
"T045441",
"T045444",
"T045443"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-41238"
},
{
"cve": "CVE-2025-41239",
"product_status": {
"known_affected": [
"T045446",
"T045437",
"T045436",
"T045439",
"T045438",
"T045440",
"T045442",
"T045441",
"T045444",
"T045443"
]
},
"release_date": "2025-07-15T22:00:00.000+00:00",
"title": "CVE-2025-41239"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…