VMware fixes 4 ESXi zero-day bugs exploited at Pwn2Own Berlin

VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025.

Three of the patched flaws have a severity score of 9.3, as they allow programs running in a guest virtual machine to execute commands on the host. These flaws are tracked as CVE-2025-41236, CVE-2025-41237, and CVE-2025-41238.

These flaws are described in the security advisory as:

  • CVE-2025-41236: VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. Nguyen Hoang Thach of STARLabs SG used this flaw at Pwn2Own.
  • CVE-2025-41237: VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. This flaw was used by Corentin BAYET of REverse Tactics at Pwn2Own.
  • CVE-2025-41238: VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. Thomas Bouzerar and Etienne Helluy-Lafont of Synacktiv used this flaw at Pwn2Own.

The fourth flaw, tracked as CVE-2025-41239, received a 7.1 score as it is an information disclosure. It was also discovered by Corentin BAYET of REverse Tactics, who chained it with CVE-2025-41237 during the hacking contest.

VMware has not provided any workarounds, and the only way to fix these vulnerabilities is to install the new versions of the software.

It should be noted that CVE-2025-41239 affects VMware Tools for Windows, which requires a different upgrade process.

These vulnerabilities were demonstrated as zero-days during the Pwn2Own Berlin 2025 hacking contest, where security researchers collected $1,078,750 after exploiting 29 zero-day vulnerabilities.
