CVEFinder.io

CVE-2025-41236

⛔ critical
🔍 Scan for this CVE
Summary

VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.

CVSS Score
9.3
Critical
EPSS Score
0.0
Exploit Probability
Published Date
2025-07-15
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 88.5% of all 318,332 vulnerabilities in our database.

#36,522
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jul 15, 2025
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2025-07-15
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-787

📦 Affected Products 8

Vendor Product Status Affected Versions
vmware workstation Affected
≥ 17.x < 17.6.4
vmware fusion Affected
≥ 13.x ≤ 13.6.4
vmware esxi Affected
≥ 7.0 < ESXi70U3w-24784741
vmware esxi Affected
≥ 8.0 < ESXi80U2e-24789317
vmware esxi Affected
≥ 8.0 < ESXi80U3f-24784735
vmware cloud_foundation Affected
v5.x,_4.5.x
vmware telco_cloud_platform Affected
v5.x,_4.x,_3.x,_2.x
vmware telco_cloud_infrastructure Affected
v3.x,_2.x

🔗 References 1

https://support.broadcom.com/web/ecx/support-content...

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-22719 ⚠️ high 8.1 7.4 VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this is... 2026-02-25
CVE-2026-22720 ⚠️ high 8.0 0.1 VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create... 2026-02-25
CVE-2026-22721 🔶 medium 6.2 0.1 VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to ac... 2026-02-25
CVE-2025-41244 ⚠️ high 7.8 1.0 VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor wit... 2025-09-29
CVE-2025-41250 ⚠️ high 8.5 0.1 VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on... 2025-09-29
CVE-2025-41241 🔶 medium 4.4 0.1 VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and h... 2025-07-29
These CVEs affect the same products