The vulnerability in the virtual network adapter VMXNET3 of VMware ESXi, Workstation, Fusion, and Cloud Foundation exists due to a write-off outside the buffer, allowing an attacker to execute arbitrary code.

The vulnerability in the virtual network adapter VMXNET3 of VMware ESXi, Workstation, Fusion, and Cloud Foundation software lies in buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code...

Photon OS 5.0: Linux PHSA-2025-5.0-0558

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0558. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

VMware ESXi 7.x < 7.0 Update 3w / 8.x < 8.0 Update 2e / 8.0 Update 3 < 8.0 Update 3f (VMSA-2025-0013)

The version of VMware ESXi installed on the remote host is 7.x prior to 7.0 Update 3w, 8.x prior to 8.0 Update 2e, or 8.0 Update 3 prior to 8.0 Update 3f. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2025-0013 advisory: - VMware ESXi, Workstation, and Fusion...

The vulnerability of the Virtual Machine Communication Interface (VMCI) implementation in software products such as VMware ESXi, Workstation, Fusion, and Cloud Foundation allows a perpetrator to execute arbitrary code.

The vulnerability of the Virtual Machine Communication Interface VMCI implementation in software products such as VMware ESXi, Workstation, Fusion, and Cloud Foundation lies in buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code...

CVE-2025-41237

VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI Virtual Machine Communication Interface that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX...

CVE-2025-41238

VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI Paravirtualized SCSI controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine'...

CVE-2025-41239

VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes...

CVE-2025-41236

VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3...

CVE-2025-41239 vSockets information-disclosure vulnerability

VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes...

CVE-2025-41239 vSockets information-disclosure vulnerability

VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes...

CVE-2025-41239

CVE-2025-41239 describes an information-disclosure vulnerability in VMware ESXi, Workstation, Fusion, and VMware Tools caused by uninitialized memory in vSockets. A local administrator within a VM can leak memory from processes communicating with vSockets. IBM’s connected bulletin confirms the is...

CVE-2025-41238

CVE-2025-41238 is a heap-overflow vulnerability in the PVSCSI controller affecting VMware ESXi, Workstation, and Fusion. Exploitation can cause an out-of-bounds write and code execution, with ESXi exploits contained within the VMX sandbox (and only with unsupported configs), while Workstation/Fus...

CVE-2025-41238 PVSCSI heap-overflow vulnerability

VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI Paravirtualized SCSI controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine'...

CVE-2025-41238 PVSCSI heap-overflow vulnerability

VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI Paravirtualized SCSI controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine'...

CVE-2025-41237

VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI Virtual Machine Communication Interface that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX...

CVE-2025-41237

CVE-2025-41237 describes an integer-underflow in the VMCI component of VMware ESXi, Workstation, and Fusion that can cause an out-of-bounds write. A local attacker with VM-level admin privileges may execute code as the VMX process on the host; exploitation is contained within the VMX sandbox on E...

CVE-2025-41237 VMCI integer-underflow vulnerability

VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI Virtual Machine Communication Interface that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX...

CVE-2025-41237 VMCI integer-underflow vulnerability

VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI Virtual Machine Communication Interface that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX...

CVE-2025-41236

The CVE-2025-41236 issue is an integer-overflow in the VMXNET3 virtual network adapter used by VMware ESXi, Workstation, and Fusion. A local VM administrator can exploit this to execute code on the host; non‑VMXNET3 adapters are unaffected. Connected IBM advisory confirms the same vulnerability a...

CVE-2025-41236 VMXNET3 integer-overflow vulnerability

VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3...