cvelistv5 - cve-2025-41236

CVE-2025-41236 (GCVE-0-2025-41236)

Vulnerability from cvelistv5

Published

2025-07-15 18:34

Modified

2025-07-16 03:55

Severity ?

9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Summary

VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.

References

URL

icsa-25-212-02

Vulnerability from csaf_cisa

Published

2025-07-31 06:00

Modified

2025-07-31 06:00

Summary

Rockwell Automation Lifecycle Services with VMware

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could lead to code execution on the host or leakage of memory from processes communicating with vSockets.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Rockwell Automation",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could lead to code execution on the host or leakage of memory from processes communicating with vSockets.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-25-212-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-212-02.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-25-212-02 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "Rockwell Automation Lifecycle Services with VMware",
    "tracking": {
      "current_release_date": "2025-07-31T06:00:00.000000Z",
      "generator": {
        "date": "2025-07-31T19:36:07.236717Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-25-212-02",
      "initial_release_date": "2025-07-31T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2025-07-31T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=Generations_1|\u003c=4",
                "product": {
                  "name": "Rockwell Automation Industrial Data Center (IDC) with VMware: \u003e=Generations_1|\u003c=4",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Industrial Data Center (IDC) with VMware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "A|B",
                "product": {
                  "name": "Rockwell Automation VersaVirtual Appliance (VVA) with VMware Series: A and B",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "VersaVirtual Appliance (VVA) with VMware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Rockwell Automation Threat Detection Managed Services (TDMS) with VMware: vers:all/*",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "Threat Detection Managed Services (TDMS) with VMware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Rockwell Automation Endpoint Protection Service with Rockwell Automation Proxy \u0026 VMware only: vers:all/*",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "Endpoint Protection Service with Rockwell Automation Proxy \u0026 VMware only"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Rockwell Automation Engineered and Integrated Solutions with VMware: vers:all/*",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "Engineered and Integrated Solutions with VMware"
          }
        ],
        "category": "vendor",
        "name": "Rockwell Automation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-41236",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An integer-overflow vulnerability exists in the VMXNET3 virtual network adapter used in VMware ESXi, Workstation, and Fusion. Exploitation of this vulnerability can lead to code execution on the host.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-41236"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Rockwell Automation will contact impacted users with an active Rockwell Automation Infrastructure Managed Service contract or Threat Detection Managed Service contract to discuss actions needed for remediation efforts.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Rockwell recommends users without Rockwell Automation managed services contract to refer to Broadcom\u0027s advisories below:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Support Content Notification - Support Portal - Broadcom support portal",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
        },
        {
          "category": "mitigation",
          "details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html"
        },
        {
          "category": "mitigation",
          "details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html"
        },
        {
          "category": "mitigation",
          "details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html"
        },
        {
          "category": "mitigation",
          "details": "Rockwell Automation encourages users of the affected software who are not able to upgrade to one of the corrected versions to apply security best practices where possible.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        },
        {
          "category": "mitigation",
          "details": "For more information refer to Rockwell Automation\u0027s security advisory.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-41237",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An integer-underflow vulnerability exists in the Virtual Machine Communication Interface (VMCI) of VMware ESXi, Workstation, and Fusion, which can lead to an out-of-bounds write. Exploitation of this vulnerability can lead to code execution on the host. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-41237"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Rockwell Automation will contact impacted users with an active Rockwell Automation Infrastructure Managed Service contract or Threat Detection Managed Service contract to discuss actions needed for remediation efforts.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Rockwell recommends users without Rockwell Automation managed services contract to refer to Broadcom\u0027s advisories below:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Support Content Notification - Support Portal - Broadcom support portal",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
        },
        {
          "category": "mitigation",
          "details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html"
        },
        {
          "category": "mitigation",
          "details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html"
        },
        {
          "category": "mitigation",
          "details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html"
        },
        {
          "category": "mitigation",
          "details": "Rockwell Automation encourages users of the affected software who are not able to upgrade to one of the corrected versions to apply security best practices where possible.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        },
        {
          "category": "mitigation",
          "details": "For more information refer to Rockwell Automation\u0027s security advisory.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-41238",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A heap-overflow vulnerability exists in the Paravirtualized SCSI (PVSCSI) controller of VMware ESXi, Workstation, and Fusion, which can lead to an out-of-bounds write. Exploitation of this vulnerability can lead to code execution on the host. ",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-41238"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Rockwell Automation will contact impacted users with an active Rockwell Automation Infrastructure Managed Service contract or Threat Detection Managed Service contract to discuss actions needed for remediation efforts.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Rockwell recommends users without Rockwell Automation managed services contract to refer to Broadcom\u0027s advisories below:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Support Content Notification - Support Portal - Broadcom support portal",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
        },
        {
          "category": "mitigation",
          "details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html"
        },
        {
          "category": "mitigation",
          "details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html"
        },
        {
          "category": "mitigation",
          "details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html"
        },
        {
          "category": "mitigation",
          "details": "Rockwell Automation encourages users of the affected software who are not able to upgrade to one of the corrected versions to apply security best practices where possible.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        },
        {
          "category": "mitigation",
          "details": "For more information refer to Rockwell Automation\u0027s security advisory.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-41239",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An information disclosure vulnerability exists in vSockets due to the use of uninitialized memory in VMware ESXi, Workstation, Fusion, and VMware Tools.  Exploitation of this vulnerability can result in the leakage of memory from processes communicating with vSockets.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-41239"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Rockwell Automation will contact impacted users with an active Rockwell Automation Infrastructure Managed Service contract or Threat Detection Managed Service contract to discuss actions needed for remediation efforts.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Rockwell recommends users without Rockwell Automation managed services contract to refer to Broadcom\u0027s advisories below:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Support Content Notification - Support Portal - Broadcom support portal",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
        },
        {
          "category": "mitigation",
          "details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3f-release-notes.html"
        },
        {
          "category": "mitigation",
          "details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2e-release-notes.html"
        },
        {
          "category": "mitigation",
          "details": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3w-release-notes.html"
        },
        {
          "category": "mitigation",
          "details": "Rockwell Automation encourages users of the affected software who are not able to upgrade to one of the corrected versions to apply security best practices where possible.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
        },
        {
          "category": "mitigation",
          "details": "For more information refer to Rockwell Automation\u0027s security advisory.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    }
  ]
}

ghsa-vvjv-89cj-78fr

Vulnerability from github

Published

2025-07-15 21:31

Modified

2025-07-15 21:31

Severity ?

9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-41236"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-15T19:15:21Z",
    "severity": "CRITICAL"
  },
  "details": "VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter.\u00a0A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.",
  "id": "GHSA-vvjv-89cj-78fr",
  "modified": "2025-07-15T21:31:39Z",
  "published": "2025-07-15T21:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41236"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2025-18541

Vulnerability from cnvd

Title

多款VMWare产品整数溢出漏洞

Description

VMWare ESXi等都是美国威睿（VMWare）公司的产品。VMWare ESXi‌是VMWare公司开发的一款企业级Type-1虚拟化管理程序（Hypervisor），可直接安装在物理服务器硬件上运行，无需依赖底层操作系统，用于高效创建和管理虚拟机。VMWare Workstation是一款由VMware公司开发的桌面虚拟化软件，允许用户在一台物理计算机上同时运行多个操作系统。VMWare Fusion是VMware为Macintosh计算机开发的虚拟机管理程序，支持在Mac上运行Windows、 Linux等操作系统。多款VMWare产品存在整数溢出漏洞，该漏洞源于VMXNET3虚拟网络适配器存在整数溢出，攻击者可利用该漏洞导致执行任意代码、权限提升、数据中心横向移动、数据泄露。

Severity

高

Patch Name

多款VMWare产品整数溢出漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级程序修复该安全问题，详情见厂商官网： https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-41236

Impacted products

Name
['VMWare ESXi 7.0', 'VMWare ESXi 8.0', 'VMWare Cloud Foundation 5.', 'VMWare Cloud Foundation 4.5.', 'VMWare Telco Cloud Platform 5.', 'VMWare Telco Cloud Platform 4.', 'VMWare Telco Cloud Platform 3.', 'VMWare Telco Cloud Platform 2.', 'VMWare Telco Cloud Infrastructure 3.', 'VMWare Telco Cloud Infrastructure 2.', 'VMWare Workstation 17.', 'VMWare Fusion 13.', 'VMWare Cloud Foundation ESX 9.0.0.0', 'VMWare vSphere Foundation ESX 9.0.0.0']

Name

['VMWare ESXi 7.0', 'VMWare ESXi 8.0', 'VMWare Cloud Foundation 5.*', 'VMWare Cloud Foundation 4.5.*', 'VMWare Telco Cloud Platform 5.*', 'VMWare Telco Cloud Platform 4.*', 'VMWare Telco Cloud Platform 3.*', 'VMWare Telco Cloud Platform 2.*', 'VMWare Telco Cloud Infrastructure 3.*', 'VMWare Telco Cloud Infrastructure 2.*', 'VMWare Workstation 17.*', 'VMWare Fusion 13.*', 'VMWare Cloud Foundation ESX 9.0.0.0', 'VMWare vSphere Foundation ESX 9.0.0.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-41236",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-41236"
    }
  },
  "description": "VMWare ESXi\u7b49\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMWare\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002VMWare ESXi\u200c\u662fVMWare\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3e\u4f01\u4e1a\u7ea7Type-1\u865a\u62df\u5316\u7ba1\u7406\u7a0b\u5e8f\uff08Hypervisor\uff09\uff0c\u53ef\u76f4\u63a5\u5b89\u88c5\u5728\u7269\u7406\u670d\u52a1\u5668\u786c\u4ef6\u4e0a\u8fd0\u884c\uff0c\u65e0\u9700\u4f9d\u8d56\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\uff0c\u7528\u4e8e\u9ad8\u6548\u521b\u5efa\u548c\u7ba1\u7406\u865a\u62df\u673a\u3002VMWare Workstation\u662f\u4e00\u6b3e\u7531VMware\u516c\u53f8\u5f00\u53d1\u7684\u684c\u9762\u865a\u62df\u5316\u8f6f\u4ef6\uff0c\u5141\u8bb8\u7528\u6237\u5728\u4e00\u53f0\u7269\u7406\u8ba1\u7b97\u673a\u4e0a\u540c\u65f6\u8fd0\u884c\u591a\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002VMWare Fusion\u662fVMware\u4e3aMacintosh\u8ba1\u7b97\u673a\u5f00\u53d1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u652f\u6301\u5728Mac\u4e0a\u8fd0\u884cWindows\u3001 Linux\u7b49\u64cd\u4f5c\u7cfb\u7edf\u3002 \n\n\u591a\u6b3eVMWare\u4ea7\u54c1\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eVMXNET3\u865a\u62df\u7f51\u7edc\u9002\u914d\u5668\u5b58\u5728\u6574\u6570\u6ea2\u51fa\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3001\u6743\u9650\u63d0\u5347\u3001\u6570\u636e\u4e2d\u5fc3\u6a2a\u5411\u79fb\u52a8\u3001\u6570\u636e\u6cc4\u9732\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-18541",
  "openTime": "2025-08-15",
  "patchDescription": "VMWare ESXi\u7b49\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMWare\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002VMWare ESXi\u200c\u662fVMWare\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3e\u4f01\u4e1a\u7ea7Type-1\u865a\u62df\u5316\u7ba1\u7406\u7a0b\u5e8f\uff08Hypervisor\uff09\uff0c\u53ef\u76f4\u63a5\u5b89\u88c5\u5728\u7269\u7406\u670d\u52a1\u5668\u786c\u4ef6\u4e0a\u8fd0\u884c\uff0c\u65e0\u9700\u4f9d\u8d56\u5e95\u5c42\u64cd\u4f5c\u7cfb\u7edf\uff0c\u7528\u4e8e\u9ad8\u6548\u521b\u5efa\u548c\u7ba1\u7406\u865a\u62df\u673a\u3002VMWare Workstation\u662f\u4e00\u6b3e\u7531VMware\u516c\u53f8\u5f00\u53d1\u7684\u684c\u9762\u865a\u62df\u5316\u8f6f\u4ef6\uff0c\u5141\u8bb8\u7528\u6237\u5728\u4e00\u53f0\u7269\u7406\u8ba1\u7b97\u673a\u4e0a\u540c\u65f6\u8fd0\u884c\u591a\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002VMWare Fusion\u662fVMware\u4e3aMacintosh\u8ba1\u7b97\u673a\u5f00\u53d1\u7684\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\uff0c\u652f\u6301\u5728Mac\u4e0a\u8fd0\u884cWindows\u3001 Linux\u7b49\u64cd\u4f5c\u7cfb\u7edf\u3002 \r\n\r\n\u591a\u6b3eVMWare\u4ea7\u54c1\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eVMXNET3\u865a\u62df\u7f51\u7edc\u9002\u914d\u5668\u5b58\u5728\u6574\u6570\u6ea2\u51fa\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3001\u6743\u9650\u63d0\u5347\u3001\u6570\u636e\u4e2d\u5fc3\u6a2a\u5411\u79fb\u52a8\u3001\u6570\u636e\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eVMWare\u4ea7\u54c1\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMWare ESXi 7.0",
      "VMWare ESXi 8.0",
      "VMWare Cloud Foundation 5.*",
      "VMWare Cloud Foundation 4.5.*",
      "VMWare Telco Cloud Platform 5.*",
      "VMWare Telco Cloud Platform 4.*",
      "VMWare Telco Cloud Platform 3.*",
      "VMWare Telco Cloud Platform 2.*",
      "VMWare Telco Cloud Infrastructure 3.*",
      "VMWare Telco Cloud Infrastructure 2.*",
      "VMWare Workstation 17.*",
      "VMWare Fusion 13.*",
      "VMWare Cloud Foundation ESX 9.0.0.0",
      "VMWare vSphere Foundation ESX 9.0.0.0"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-41236",
  "serverity": "\u9ad8",
  "submitTime": "2025-07-30",
  "title": "\u591a\u6b3eVMWare\u4ea7\u54c1\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}

fkie_cve-2025-41236

Vulnerability from fkie_nvd

Published

2025-07-15 19:15

Modified

2025-07-15 20:07

Severity ?

9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

References

	URL	Tags
	security@vmware.com	https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter.\u00a0A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue."
    },
    {
      "lang": "es",
      "value": "VMware ESXi, Workstation y Fusion presentan una vulnerabilidad de desbordamiento de enteros en el adaptador de red virtual VMXNET3. Un agente malicioso con privilegios de administrador local en una m\u00e1quina virtual con un adaptador de red virtual VMXNET3 podr\u00eda aprovechar este problema para ejecutar c\u00f3digo en el host. Los adaptadores virtuales que no sean VMXNET3 no se ven afectados por este problema."
    }
  ],
  "id": "CVE-2025-41236",
  "lastModified": "2025-07-15T20:07:28.023",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 6.0,
        "source": "security@vmware.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-15T19:15:21.303",
  "references": [
    {
      "source": "security@vmware.com",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "security@vmware.com",
      "type": "Secondary"
    }
  ]
}

CERTFR-2025-AVI-0592

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Telco Cloud Infrastructure	Telco Cloud Infrastructure versions 3.x et 2.x sans le correctif ESXi70U3w-24784741
VMware	Cloud Foundation	Cloud Foundation et vSphere Foundation versions 9.0.0.0 sans le correctif ESXi-9.0.0.0100-24813472
VMware	Fusion	Fusion versions 13.x antérieures à 13.6.4
VMware	Telco Cloud Platform	Telco Cloud Platform versions 3.x et 2.x sans le correctif ESXi70U3w-24784741
VMware	Cloud Foundation	Cloud Foundation versions 5.x sans le correctif ESXi80U3f-24784735
VMware	Workstation	Worstation versions 17.x antérieures à 17.6.4
VMware	VMware Tools	VMware Tools versions 13.x.x antérieures à 13.0.1.0 pour Windows
VMware	ESXi	ESXI versions 7.0 sans le correctif ESXi70U3w-24784741
VMware	VMware Tools	VMware Tools versions antérieures à 12.5.3 pour Windows
VMware	Cloud Foundation	Cloud Foundation versions 4.5.x sans le correctif ESXi70U3w-24784741
VMware	ESXi	ESXI versions 8.0 sans les correctifs ESXi80U3f-24784735 et ESXi80U2e-24789317

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-41236 (GCVE-0-2025-41236)

Vulnerability from cvelistv5

icsa-25-212-02

Vulnerability from csaf_cisa

ghsa-vvjv-89cj-78fr

Vulnerability from github

cnvd-2025-18541

Vulnerability from cnvd

fkie_cve-2025-41236

Vulnerability from fkie_nvd

CERTFR-2025-AVI-0592

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature