Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2025-41227
CVE-2025-41227:
VMware Workstation vulnerability analysis and mitigation
Overview
VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability (CVE-2025-41227) that was disclosed on May 20, 2025. The vulnerability affects multiple VMware products including ESXi 7.0 and 8.0, Workstation 17.x, and Fusion 13.x. This security flaw is related to certain guest options and has been evaluated with a CVSSv3 base score of 5.5, indicating moderate severity (VMware Advisory, NVD).
Technical details
The vulnerability is classified as an uncontrolled resource consumption issue (CWE-400). It specifically involves a scenario where memory exhaustion of the host process can occur through certain guest options. The vulnerability has received a CVSS v3.1 score of 5.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction, while potentially causing high availability impact (VMware Advisory).
Impact
When successfully exploited, this vulnerability can lead to a denial-of-service condition by exhausting the memory of the host process. The impact is primarily focused on system availability, with no direct effect on confidentiality or integrity. The vulnerability affects the host system's stability and could potentially impact the performance and availability of virtual machines running on the affected host (VMware Advisory, Cybersecurity News).
Mitigation and workarounds
Broadcom has released patches to address this vulnerability. Users of affected products should update to the following versions: ESXi 8.0 users should apply patch ESXi80U3se-24659227, ESXi 7.0 users should apply patch ESXi70U3sv-24723868, Workstation users should update to version 17.6.3, and Fusion users should update to version 13.6.3. No workarounds are available for this vulnerability, making patching the only effective mitigation strategy (VMware Advisory).
Community reactions
The vulnerability was reported to VMware by the National Security Agency, highlighting the significance of the security flaw and the collaboration between government security agencies and private sector companies in identifying and addressing cybersecurity threats (VMware Advisory).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management