Critical vulnerability in VMware ESXi
2025-07-16
VMware has patched four vulnerabilities, some of which are critical, in ESXi, Workstation and VMware Tools.
Three bugs (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238) allow attackers with VM admin rights to execute code on the host and escape the VM sandbox. A fourth (CVE-2025-41239) leads to data leakage via vSockets. The vulnerabilities were discovered during the Pwn2Own competition.
Most of the patches are available from the manufacturer.
The other security vulnerabilities listed above can generally only be exploited in a VIVAVIS control system environment by an internal perpetrator. We therefore classify the threat level as low.
If you have any further questions or require assistance, please contact our customer centre.
Peter Schwark