VMware ESXi Remote Exploitation Vulnerabilities

Following the disclosure of four critical vulnerabilities in VMware's virtualization platforms, cybersecurity experts are warning organizations about unprecedented risks to enterprise infrastructure security. The flaws, revealed in July 2025, carry maximum CVSS v3 base scores of 9.3, indicating severe threats to VMware's ESXi, Workstation, Fusion, and related products across multiple platforms.

Security researchers demonstrated exploits with near-100% reliability at Pwn2Own Tokyo 2025, highlighting the practical dangers these vulnerabilities present. The flaws allow host escape attacks, permitting malicious actors controlling virtual machines to execute arbitrary code on underlying host systems, fundamentally compromising the security isolation that virtualization platforms rely upon.

CVE-2025-41236 targets the VMXNET3 virtual network adapter through an integer-overflow vulnerability, allowing attackers with local administrative access on a guest VM to achieve host-level code execution. The flaw affects only virtual machines that use a VMXNET3 adapter; VMs configured with other virtual network adapter types are not exposed to it.


CVE-2025-41237 exploits an integer underflow in VMware’s Virtual Machine Communication Interface, facilitating out-of-bounds memory writes that compromise VMX process integrity. This vulnerability allows full host compromise on Workstation and Fusion platforms, though ESXi’s sandbox architecture provides some containment by limiting exploitation to the VMX process.

CVE-2025-41238 involves a heap overflow in the paravirtualized SCSI controller, creating pathways for host-level code execution. Although ESXi systems face exposure only in unsupported configurations, Workstation and Fusion platforms remain fully vulnerable to exploitation through this attack vector.

CVE-2025-41239 presents information disclosure risks through uninitialized memory reads in vSockets components, primarily affecting VMware Tools for Windows environments. Despite its lower CVSS rating of 7.1, this vulnerability can expose cryptographic keys and kernel pointers, which facilitates sophisticated follow-on attacks.
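The four bugs described above fall into two classic device-emulation bug classes: length arithmetic on guest-controlled values that wraps (the integer overflow in CVE-2025-41236, the integer underflow in CVE-2025-41237, and the heap overflow in CVE-2025-41238) and host memory handed back to the guest without being initialized (CVE-2025-41239). The C example below is added here as an illustration of those bug classes and of the checks that close them; it is not VMware code and does not model any VMware data structure. The `guest_desc` and `reply` structures, `HOST_BUF_SIZE`, and every function name are hypothetical, constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical descriptor filled in by the guest (constructed for this
 * example; not a VMXNET3, VMCI or PVSCSI structure). Every field is
 * attacker-controlled from the host's point of view. */
struct guest_desc {
    uint32_t hdr_len;     /* header bytes the guest claims to have written */
    uint32_t payload_len; /* payload bytes the guest claims to have written */
    uint32_t offset;      /* offset into the payload the guest asks us to skip */
};

#define HOST_BUF_SIZE 4096u   /* size of the host-side staging buffer (hypothetical) */

/* Bug class 1: integer overflow in a length check.
 * hdr_len + payload_len is computed in 32 bits, so a huge payload_len
 * wraps `total` to a small number that passes the bound check; a later
 * copy of payload_len bytes then runs past the host buffer. */
bool vulnerable_length_ok(const struct guest_desc *d)
{
    uint32_t total = d->hdr_len + d->payload_len;   /* may wrap around */
    return total <= HOST_BUF_SIZE;                  /* checks the wrapped value */
}

/* Hardened check: detect the carry before trusting the sum. */
bool hardened_length_ok(const struct guest_desc *d)
{
    uint32_t total;
    if (__builtin_add_overflow(d->hdr_len, d->payload_len, &total))
        return false;                               /* wrapped: reject descriptor */
    return total <= HOST_BUF_SIZE;
}

/* Bug class 2: integer underflow in a "bytes remaining" computation.
 * If offset > payload_len the unsigned subtraction yields a value close
 * to 2^32, which a caller then uses as a copy length. */
uint32_t vulnerable_remaining(const struct guest_desc *d)
{
    return d->payload_len - d->offset;              /* underflows when offset is larger */
}

/* Hardened version: validate the ordering first, report failure explicitly. */
bool hardened_remaining(const struct guest_desc *d, uint32_t *out)
{
    if (d->offset > d->payload_len)
        return false;                               /* would underflow */
    *out = d->payload_len - d->offset;
    return true;
}

/* Bug class 3: uninitialized memory returned to the guest.
 * `reply` has padding between `type` and `value`; copying the struct
 * byte-for-byte ships whatever stale host stack data sits in that padding. */
struct reply {
    uint8_t  type;   /* followed by 3 bytes of compiler padding on typical ABIs */
    uint32_t value;
};

/* Leaky builder: only the named fields are written, padding is left as-is. */
void build_reply_leaky(uint8_t *out, uint8_t type, uint32_t value)
{
    struct reply r;
    r.type = type;
    r.value = value;
    memcpy(out, &r, sizeof r);                      /* padding bytes are indeterminate */
}

/* Hardened builder: zero the whole object before filling it in. */
void build_reply_hardened(uint8_t *out, uint8_t type, uint32_t value)
{
    struct reply r;
    memset(&r, 0, sizeof r);
    r.type = type;
    r.value = value;
    memcpy(out, &r, sizeof r);
}

/* Helper for checking a serialized reply: true if every padding byte
 * between `type` and `value` is zero. */
bool padding_is_zero(const uint8_t *out)
{
    for (size_t i = 1; i < offsetof(struct reply, value); i++)
        if (out[i] != 0)
            return false;
    return true;
}

int main(void)
{
    struct guest_desc wrap = { 16u, 0xFFFFFFF0u, 0u };   /* 16 + 0xFFFFFFF0 wraps to 0 */
    printf("vulnerable check accepts wrapped length: %d\n", vulnerable_length_ok(&wrap));
    printf("hardened check accepts wrapped length:   %d\n", hardened_length_ok(&wrap));

    struct guest_desc under = { 0u, 10u, 20u };          /* offset beyond payload */
    uint32_t rem = 0;
    printf("vulnerable remaining: 0x%08x\n", vulnerable_remaining(&under));
    printf("hardened remaining accepted: %d\n", hardened_remaining(&under, &rem));

    uint8_t buf[sizeof(struct reply)];
    build_reply_hardened(buf, 0x42, 0xDEADBEEFu);
    printf("hardened reply padding zeroed: %d\n", padding_is_zero(buf));
    return 0;
}
```

The common thread is that the host must treat every size and offset supplied by a guest as hostile input and decide validity before doing arithmetic on it, and must zero any buffer it returns to the guest rather than rely on having overwritten every byte. `__builtin_add_overflow` is available in GCC and Clang; on other compilers the same check can be written as `d->hdr_len > UINT32_MAX - d->payload_len`.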

The vulnerabilities affect shared device emulation code across VMware Cloud Foundation, vSphere Foundation, ESXi, Workstation Pro, Fusion, VMware Tools, and Telco Cloud platforms. A compromised host opens the way to lateral movement across the virtualized infrastructure if organizations fail to deploy effective countermeasures, so immediate patching is the primary mitigation given the critical nature of these flaws. Broadcom issued urgent security advisories and patches on July 15, 2025, emphasizing immediate deployment across all affected systems to prevent potential infrastructure compromise.
