Close
Let's Talk

Our rapid response team are available to help:

Get Technical Support Get in touch
Request a callback

Telephone: 01527 880088

Option 1: Technical Support

Option 2: Sales & General Enquiries

Close
LinkedIn Facebook Instagram
Vulnerability Update: VMWare ESXI, Pwn2Own & CISCO ISE

Vulnerability Update: VMWare ESXI, Pwn2Own & CISCO ISE

Critical Security Advisory: VMware ESXi Vulnerabilities Uncovered via Pwn2Own Berlin 2025

Decorative arrow Decorative arrow Decorative arrow Decorative arrow Decorative arrow Decorative arrow

Overview

VMware disclosed four critical vulnerabilities (CVE-2025-41236 to CVE-2025-41239) affecting multiple products including ESXi, Workstation, Fusion, Tools, and Cloud Foundation.

These were discovered during the Pwn2Own Berlin 2025 contest and pose serious risks such as VM escape, host-level code execution, and information leakage.

 

Vulnerability Breakdown

CVE-2025-41236 – Integer Overflow in VMXNET3 Adapter

  • CVSS Score: 9.3

  • Impact: Allows a guest VM admin to execute arbitrary code on the host.

  • Risk: Critical in cloud, VDI, and MSP environments

 

CVE-2025-41237 – Integer Underflow in VMCI Device

  • CVSS Score: 9.3

  • Impact: Enables guest VM admin to run code as the VMX host process.

  • Risk: High risk of VM escape1.

 

CVE-2025-41238 – Heap Overflow in PVSCSI Controller

  • CVSS Score: 9.3

  • Impact: Code execution on host in certain configurations.

  • Risk: Major risk for misconfigured or legacy VMs 1.

 

CVE-2025-41239 – Uninitialised Memory in vSockets

  • CVSS Score: 7.1

  • Impact: Memory leakage from host to guest.

  • Risk: Medium, but notable in sensitive environments 2.

 

Affected VMware Products

  • VMware ESXi

  • VMware Workstation

  • VMware Fusion VMware Tools

  • VMware Cloud Foundation (ESX component)

  • VMware vSphere Foundation (ESX component)

  • VMware Telco Cloud Platform VMware Telco Cloud Infrastructure

 

Vulnerability Breakdown by Product

Recommendations

2 hours to patch version 8 or 4 hours to upgrade to the latest version of 9 with potential downtime.

 

Call Us on 01527 880088

Get in Touch Online

Featured blogs

Why Cyber Essentials Is More Than Just a Certification

Cyber attacks aren’t just a problem for big corporations, they’re a growing threat to businesses of all sizes.

Read more

Puppies & Brownies! TD's Ultimate Stress-Relief Strategy!

Technical Drive turned a regular workday into a heart-warming wellbeing boost!

Read more

A Webinar Win! Kicking Off the Series with Cyber Security

We kicked off our IT webinar series with a strong start, exploring Cyber Security with KnowBe4 and welcoming 30+ attendees.

Read more

Technical Drive Wore it Pink for Breast Cancer Now

A day filled with pink, purpose, and people coming together to support life-saving research and care through Breast Cancer Now.

Read more

Cyber Threats Won't Wait, and Neither Should You

If you're waiting for a wake-up call, this is it, because the cost of doing nothing is far greater than the cost of being prepared.

Read more

Tech-or-Treat, It's Halloween with Technical Drive!

A light-hearted look at how the Technical Drive team brought Halloween to life in the office...with costumes, marshmallow ghosts, and plenty of pizza.

Read more
View more blogs

Email sign up

As your Managed IT Service Partner, we take responsibility to proactively help you drive your business forward through technology. With our fast, responsive, and strategic team we can digitally transform organisations to drive productivity, profitability, and success. Sign up to receive helpful advice and industry news that could affect your IT, data storage and communications.

Get in touch
Decorative arrow Decorative arrow

Get in touch

Is your current company not performing, not being proactive, not getting value for money? Or perhaps you have an urgent problem?

Find out more
Need Technical Support? Call us now on 01527 880088 Click here