Three High-Risk VMware CVE Vulnerabilities: Report and Fixes
On July 15, 2025, VMware released security advisory VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239).
Vulnerability Overview
1. CVE-2025-41236: VMXNET3 integer overflow vulnerability.
Vulnerability description: The VMXNET3 virtual network adapter in VMware ESXi, Workstation, and Fusion contains an integer overflow vulnerability. An attacker with local administrator privileges on the virtual machine can exploit this vulnerability to execute code on the host. Only virtual machines that use the VMXNET3 virtual adapter are affected; other types of virtual adapters are not.
Exploitation conditions: The attacker needs local administrator privileges on the virtual machine; the vulnerability cannot be exploited remotely.
2. CVE-2025-41237: VMCI integer underflow vulnerability.
Vulnerability description: VMCI (Virtual Machine Communication Interface) in VMware ESXi, Workstation, and Fusion contains an integer underflow vulnerability that results in an out-of-bounds write. An attacker with local administrator privileges on the virtual machine can exploit this vulnerability to execute code on the host as the VMX process of the virtual machine.
Exploitation conditions:
On ESXi, the exploit is confined to the VMX sandbox.
On Workstation and Fusion, it could lead to code execution on the machine where Workstation or Fusion is installed.
3. CVE-2025-41238: PVSCSI Heap Overflow Vulnerability
Vulnerability description: The PVSCSI (paravirtualized SCSI) controller in VMware ESXi, Workstation, and Fusion has a heap overflow vulnerability that causes an out-of-bounds write. A malicious attacker with local administrator privileges on the virtual machine can exploit this vulnerability to execute code on the host as the VMX process of the virtual machine.
Exploitation conditions:
On ESXi, the exploit is confined to the VMX sandbox and is only exploitable in unsupported configurations.
On Workstation and Fusion, it could lead to code execution on the machine where Workstation or Fusion is installed.
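To prioritize patching, it helps to know which VMs actually present the three affected virtual devices. The following is an added example, not part of the advisory or any VMware tooling: it parses `.vmx` text and maps present devices to the CVEs above. It assumes the usual `.vmx` keys (`ethernetN.virtualDev`, `scsiN.virtualDev`, `vmci0.present`, `<device>.present`); the sample configuration is constructed.

```python
import re

# Device type -> CVE, as listed in the advisory summary above.
DEVICE_CVES = {
    "vmxnet3": "CVE-2025-41236",
    "vmci": "CVE-2025-41237",
    "pvscsi": "CVE-2025-41238",
}

# .vmx files are flat `key = "value"` lines; keys are case-insensitive here.
_LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return the .vmx settings as a dict with lower-cased keys."""
    pairs = (_LINE.match(line) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in pairs if m}


def exposed_devices(text):
    """Map each CVE to the present virtual devices that sit on its code path."""
    cfg = parse_vmx(text)
    found = {}
    for key, value in cfg.items():
        dev, _, attr = key.partition(".")
        # Assumption: a device only exists if `<dev>.present` is TRUE.
        if cfg.get(dev + ".present", "").upper() != "TRUE":
            continue
        if attr == "virtualdev" and value.lower() in ("vmxnet3", "pvscsi"):
            kind = value.lower()
        elif attr == "present" and re.fullmatch(r"vmci\d+", dev):
            kind = "vmci"  # assumption: VMCI is signalled by vmciN.present
        else:
            continue
        found.setdefault(DEVICE_CVES[kind], []).append(dev)
    return {cve: sorted(devs) for cve, devs in found.items()}


# Constructed sample .vmx content (not from a real VM).
SAMPLE_VMX = '''
ethernet0.present = "TRUE"
ethernet0.virtualDev = "vmxnet3"
ethernet1.present = "FALSE"
ethernet1.virtualDev = "vmxnet3"
scsi0.present = "TRUE"
scsi0.virtualDev = "lsisas1068"
vmci0.present = "TRUE"
'''
```

A listed device only shows that the VM uses an affected component; the fix is still the updated builds under Remediation measures.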
Remediation measures
VMware vSphere Foundation needs to be updated to ESXi-9.0.0.0100-24813472.
VMware ESXi needs to be updated to ESXi80U3f-24784735, ESXi80U2e-24789317, ESXi70U3w-24784741.
VMware Workstation needs to be updated to 17.6.4.
VMware Fusion needs to be updated to 13.6.4.
Patch Download
ESXi 8.0U3f download: https://support.broadcom.com/web/ecx/solutiondetails?patchId=15938
ESXi 8.0U2e download: https://support.broadcom.com/web/ecx/solutiondetails?patchId=15939
ESXi 7.0U3w download: https://support.broadcom.com/web/ecx/solutiondetails?patchId=15940
Download the new version of Workstation: VMware Workstation Pro virtual machine software professional version