VMware patches some critical security vulnerabilities
There are some critical security vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools. Updates are available to fix them.
VMware is updating its software.
(Image: heise online / dmk)
The manufacturer Broadcom has warned of security vulnerabilities, some of which are critical, in VMware ESXi, Workstation, Fusion, and Tools. The developers have put together updated software packages to fix the vulnerabilities.
Broadcom's security advisory describes the four newly discovered security vulnerabilities. In VMware ESXi, Workstation, and Fusion, an attacker with admin rights in a VM that has a virtual VMXNET3 network adapter can trigger an integer overflow, which allows code execution on the host system (CVE-2025-41236 / EUVD-2025-21544, CVSS 9.3, risk “critical”). In the same products, an integer underflow can be triggered in the VMCI code (Virtual Machine Communication Interface), leading to writes outside the intended memory areas. This allows an administrator in a VM to execute code with the privileges of the VMX process on the host (CVE-2025-41237 / EUVD-2025-21543, CVSS 9.3, risk “critical”).
Critical triad
The third critical vulnerability is found in the paravirtualized SCSI controller (PVSCSI) of the three products. Admins in virtual machines can trigger a heap-based buffer overflow in it and subsequently write outside designated memory boundaries. This allows them to run code with the rights of the VMX process on the host. On VMware ESXi, the VMX sandbox is supposed to keep exploits in check, and the vulnerability should only be exploitable in unsupported configurations (CVE-2025-41238 / EUVD-2025-21542, CVSS 9.3, risk “critical”).
As a final vulnerability, Broadcom reports the use of uninitialized memory in vSockets from VMware ESXi, Workstation, Fusion, and VMware Tools. Malicious actors with admin rights in a VM can exploit this to leak and read memory areas from processes that communicate with vSockets.
In its security advisory, Broadcom lists the exact VMware product versions affected and also provides links to the updated software packages. Since most of the vulnerabilities are considered critical, administrators should not hesitate to install the updates as soon as possible.
Broadcom last had to close security vulnerabilities in VMware NSX at the beginning of June. The developers classified some of them as high-risk. Among other things, attackers could have used them to inject and execute malicious code.
(dmk)