CVE 9.3 CRITICAL

VMXNET3 integer-overflow vulnerability_CVE-2025-41236

August 14, 2025 invoker category_cve
9.3 / 10
CRITICAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.

Basic Information

ID CVE-2025-41236
Source vmware
Published Jul 15, 2025 at 18:34
Modified Jul 16, 2025 at 03:55

Affected Product

Vendor VMware
Product ESXi
Version 8.0
Affected Versions VMware ESXi 8.0
VMware ESXi 8.0
VMware ESXi 7.0
VMware Cloud Foundation 5.x, 4.5.x
VMware Workstation 17.x
VMware Fusion 13.x
VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x
VMware Telco Cloud Infrastructure 3.x, 2.x

CWE Classification

CWE-787

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.