Vulnerability Update: VMware ESXi from Pwn2Own & Cisco ISE


Critical Security Advisory: VMware ESXi Vulnerabilities Uncovered via Pwn2Own Berlin 2025

Overview

VMware disclosed four critical vulnerabilities (CVE-2025-41236 to CVE-2025-41239) affecting multiple products including ESXi, Workstation, Fusion, Tools, and Cloud Foundation.

These were discovered during the Pwn2Own Berlin 2025 contest and pose serious risks such as VM escape, host-level code execution, and information leakage.

 

Vulnerability Breakdown

CVE-2025-41236 – Integer Overflow in VMXNET3 Adapter

  • CVSS Score: 9.3

  • Impact: Allows a guest VM admin to execute arbitrary code on the host.

  • Risk: Critical in cloud, VDI, and MSP environments.

CVE-2025-41237 – Integer Underflow in VMCI Device

  • CVSS Score: 9.3

  • Impact: Enables guest VM admin to run code as the VMX host process.

  • Risk: High risk of VM escape.

CVE-2025-41238 – Heap Overflow in PVSCSI Controller

  • CVSS Score: 9.3

  • Impact: Code execution on host in certain configurations.

  • Risk: Major risk for misconfigured or legacy VMs.

CVE-2025-41239 – Uninitialised Memory in vSockets

  • CVSS Score: 7.1

  • Impact: Memory leakage from host to guest.

  • Risk: Medium, but notable in sensitive environments.
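
To order patching work, it helps to know which VMs attach the virtual devices named above. The following is an added example, not part of the original advisory or any VMware tooling: it parses .vmx text and reports attached VMXNET3, VMCI and PVSCSI instances per CVE. The .vmx key names and the sample configurations are assumptions of this example, and CVE-2025-41239 (vSockets) is left out because the advisory names no per-VM device for it.

```python
import re

# CVE -> (device named in the advisory, .vmx key pattern, value that selects it).
# The .vmx key names are this example's assumption about how each device appears
# in a VM's configuration; the advisory itself does not list them.
RULES = {
    "CVE-2025-41236": ("VMXNET3", re.compile(r"(ethernet\d+)\.virtualdev"), "vmxnet3"),
    "CVE-2025-41237": ("VMCI", re.compile(r"(vmci\d+)\.present"), "true"),
    "CVE-2025-41238": ("PVSCSI", re.compile(r"(scsi\d+)\.virtualdev"), "pvscsi"),
}

def parse_vmx(text):
    """Return {lower-cased key: value} for every 'key = "value"' line."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and not key.lstrip().startswith("#"):
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def exposed_devices(vmx_text):
    """Map each CVE to the attached device instances that expose its component."""
    settings = parse_vmx(vmx_text)
    found = {}
    for cve, (name, pattern, wanted) in RULES.items():
        for key, value in settings.items():
            m = pattern.fullmatch(key)
            if not m or value.lower() != wanted:
                continue
            # Skip instances explicitly disabled; a missing ".present" is still
            # reported so the inventory errs towards over-reporting.
            if settings.get(m.group(1) + ".present", "true").lower() == "false":
                continue
            found.setdefault(cve, []).append(m.group(1))
    return {cve: sorted(devs) for cve, devs in found.items()}

# Constructed sample configurations (not taken from any real VM).
SAMPLE_MODERN = '''
scsi0.virtualDev = "pvscsi"
ethernet0.virtualDev = "vmxnet3"
ethernet1.present = "FALSE"
ethernet1.virtualDev = "vmxnet3"
vmci0.present = "TRUE"
'''
SAMPLE_EMULATED = 'scsi0.virtualDev = "lsilogic"\nethernet0.virtualDev = "e1000"\n'

if __name__ == "__main__":
    for label, vmx in (("modern", SAMPLE_MODERN), ("emulated", SAMPLE_EMULATED)):
        print(label, exposed_devices(vmx))
```

An empty result for a VM does not remove the need to patch its host; the output only helps decide which hosts to schedule first.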

 

Affected VMware Products

  • VMware ESXi

  • VMware Workstation

  • VMware Fusion

  • VMware Tools

  • VMware Cloud Foundation (ESX component)

  • VMware vSphere Foundation (ESX component)

  • VMware Telco Cloud Platform

  • VMware Telco Cloud Infrastructure

Vulnerability Breakdown by Product

Recommendations

Allow 2 hours to patch version 8, or 4 hours to upgrade to the latest version of 9, with potential downtime.

 
