Vulnerability Update: VMWare ESXI from Pwn2Own & CISCO ISE
Close
Let's Talk

Our rapid response team are available to help:

Get Technical Support Get in touch
Request a callback

Telephone: 01527 880088

Option 1: Technical Support

Option 2: Sales & General Enquiries

Close
LinkedIn Facebook Instagram
Vulnerability Update: VMWare ESXI, Pwn2Own & CISCO ISE

Vulnerability Update: VMWare ESXI, Pwn2Own & CISCO ISE

Critical Security Advisory: VMware ESXi Vulnerabilities Uncovered via Pwn2Own Berlin 2025

Decorative arrow Decorative arrow Decorative arrow Decorative arrow Decorative arrow Decorative arrow

Overview

VMware disclosed four critical vulnerabilities (CVE-2025-41236 to CVE-2025-41239) affecting multiple products including ESXi, Workstation, Fusion, Tools, and Cloud Foundation.

These were discovered during the Pwn2Own Berlin 2025 contest and pose serious risks such as VM escape, host-level code execution, and information leakage.

 

Vulnerability Breakdown

CVE-2025-41236 – Integer Overflow in VMXNET3 Adapter

  • CVSS Score: 9.3

  • Impact: Allows a guest VM admin to execute arbitrary code on the host.

  • Risk: Critical in cloud, VDI, and MSP environments

 

CVE-2025-41237 – Integer Underflow in VMCI Device

  • CVSS Score: 9.3

  • Impact: Enables guest VM admin to run code as the VMX host process.

  • Risk: High risk of VM escape1.

 

CVE-2025-41238 – Heap Overflow in PVSCSI Controller

  • CVSS Score: 9.3

  • Impact: Code execution on host in certain configurations.

  • Risk: Major risk for misconfigured or legacy VMs 1.

 

CVE-2025-41239 – Uninitialised Memory in vSockets

  • CVSS Score: 7.1

  • Impact: Memory leakage from host to guest.

  • Risk: Medium, but notable in sensitive environments 2.

 

Affected VMware Products

  • VMware ESXi

  • VMware Workstation

  • VMware Fusion VMware Tools

  • VMware Cloud Foundation (ESX component)

  • VMware vSphere Foundation (ESX component)

  • VMware Telco Cloud Platform VMware Telco Cloud Infrastructure

 

Vulnerability Breakdown by Product

Recommendations

2 hours to patch version 8 or 4 hours to upgrade to the latest version of 9 with potential downtime.

 

Call Us on 01527 880088

Get in Touch Online

Featured blogs

A Webinar Win! Kicking Off the Series with Cyber Security

We kicked off our IT webinar series with a strong start, exploring Cyber Security with KnowBe4 and welcoming 30+ attendees.

Read more

Cut Costs, Not Calls: Free Teams Phone Set-Up Until 31st Dec

Discover how Microsoft Teams Telephony can simplify business communication, reduce costs, and save you up to £2,000 with Technical Drive’s limited-time offer.

Read more

TD on TV!

Technical Drive makes its TV debut with a brand-new Sky advert!

Read more

Jingle All the Way to 5k! Running for Birmingham Mind!

Three Technical Drive elves dashed through Cannon Hill Park for the Mental Elf 5K, spreading festive cheer and supporting Birmingham Mind!

Read more

The Night We'll Be Talking About Until Next Christmas!

A night of glamour, laughter and surprises. From live music to magical moments, this Christmas party had it all.

Read more

New Year, New IT

Getting your IT sorted before January gives your business a smoother, calmer and more secure start to the year with help from Technical Drive.

Read more
View more blogs

Email sign up

As your Managed IT Service Partner, we take responsibility to proactively help you drive your business forward through technology. With our fast, responsive, and strategic team we can digitally transform organisations to drive productivity, profitability, and success. Sign up to receive helpful advice and industry news that could affect your IT, data storage and communications.

Get in touch
Decorative arrow Decorative arrow

Get in touch

Is your current company not performing, not being proactive, not getting value for money? Or perhaps you have an urgent problem?

Find out more
Need Technical Support? Call us now on 01527 880088 Click here