Broadcom has issued security alert VMSA-2025-0013, highlighting several critical vulnerabilities affecting VMware ESXi, Workstation, Fusion, and Tools, which are widely used in enterprise and data center environments. The vulnerabilities, identified by CVE numbers CVE-2025-41236 through CVE-2025-41239, were discovered during researcher participation at Pwn2Own 2025 held in Berlin.
The CVSS scores range from 6.2 to 9.3, and there are no available workarounds or alternative solutions to mitigate these flaws. Broadcom urges immediate patching of affected systems.
Detailed Vulnerabilities
CVE-2025-41236: Integer overflow in the VMXNET3 virtual network adapter. Enables local privileged attackers to execute code on the host from a virtual machine. Rating: Critical (CVSS 9.3).
CVE-2025-41237: Underflow in VMCI (virtual machine communication interface), allowing out-of-bounds writes and code execution as the host鈥檚 VMX process. Especially affects Workstation and Fusion. Rating: Critical (CVSS 9.3).
CVE-2025-41238: Heap memory overflow in the PVSCSI driver, with potential for code execution from a VM to the host. Exploitation in ESXi requires an unsupported configuration. Rating: Critical (CVSS 9.3).
CVE-2025-41239: Information leak via vSockets due to uninitialized memory usage, potentially allowing access to other process contents. Rating: Important (CVSS 7.1).
Confirmed Impacted Products
- VMware ESXi 7 and 8
- VMware Workstation 17.x
- VMware Fusion 13.x
- VMware Tools (primarily in Windows systems)
- VMware Cloud Foundation
- VMware Telco Cloud Platform
Products like vCenter Server, NSX, and SDDC Manager are not directly affected but should remain updated for compatibility.
Implications for Virtualized Environments
Security experts warn these vulnerabilities could enable a “VM escape,” where an attacker controlling a VM could compromise the hypervisor and access other VMs or the host system.
“These sorts of vulnerabilities have profound security implications, especially in critical infrastructure,” says David Carrero, co-founder of European firm Stackscale. “Rapid patch deployment is crucial to minimize risks.”
Note: While these flaws were identified in controlled environments and disclosed as part of Pwn2Own, Broadcom confirms they are not actively exploited in the wild. Nevertheless, urgency in patching remains high due to potential impact.
Temporary solutions are unavailable. Environments with vMotion should migrate VMs before restarting hosts to reduce downtime.
Recommended Actions
- Apply the official patches corresponding to your product and version, following Broadcom鈥檚 response matrix.
- Update VMware Tools in Windows virtual machines, especially since vSockets might expose sensitive data.
- Review the FAQ document for specific details and complex cases.
- Subscribe to VMware security alert lists for proactive notifications.
Conclusion
This alert marks one of the most severe security incidents within VMware鈥檚 ecosystem this year. The vulnerabilities’ nature and potential for code execution from VM to host underline the importance of continuous updates and proactive monitoring.
Best practices include network segmentation, least privilege principle, access controls, and regular virtual image reviews.
Official information is available at: