【Vulnerability Alert】Three Critical Information Security Vulnerabilities Found in VMware ESXi, Workstation, Fusion, and Tools
publish date :
2025-07-28
update date :
2025-07-28
Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2025071703075858 | Publication Time | 2025/07/17 15:18 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/07/17 15:18 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】Three Critical Information Security Vulnerabilities Found in VMware ESXi, Workstation, Fusion, and Tools |
|||
| [Content] Forwarded from TWCERTCC-200-202507-00000011 【CVE-2025-41236, CVSS: 9.3】 An integer overflow vulnerability exists in the VMXNET3 virtual network interface of VMware ESXi, Workstation, and Fusion. 【CVE-2025-41237, CVSS: 9.3】 An integer underflow vulnerability exists in the VMCI of VMware ESXi, Workstation, and Fusion, which may lead to out-of-bounds write. 【CVE-2025-41238, CVSS: 9.3】 A stack overflow vulnerability exists in the PVSCSI controller of VMware ESXi, Workstation, and Fusion, which may lead to out-of-bounds write. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] ● VMware Cloud Foundation ● VMware vSphere Foundation ● VMware ESXi ● VMware Workstation Pro ● VMware Fusion ● VMware Tools ● VMware Telco Cloud Platform ● VMware Telco Cloud Infrastructure |
|||
| [Recommended Actions] Follow the remediation measures released on the official website: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877 |
|||
| [Reference] https://www.twcert.org.tw/tw/cp-169-10250-08712-1.html |
|||
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center