CVE-2025-41237
VMware Workstation vulnerability analysis and mitigation

Overview

VMware ESXi, Workstation, and Fusion contain an integer-underflow vulnerability in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. The vulnerability, tracked as CVE-2025-41237, was discovered during the Pwn2Own Berlin 2025 hacking contest in May 2025 and was publicly disclosed on July 15, 2025. The flaw affects VMware ESXi versions 7.0 and 8.0, Workstation Pro 17.x, and Fusion 13.x (Bleeping Computer, VMware Advisory).

Technical details

The vulnerability stems from an integer-underflow condition in the VMCI component that leads to out-of-bounds write operations. It received a Critical CVSS v3.1 base score of 9.3 for Workstation/Fusion and 8.4 for ESXi. The vulnerability was discovered by Corentin BAYET of REverse Tactics during the Pwn2Own competition (Cyber Security News, VMware Advisory).

Impact

When exploited, this vulnerability allows a malicious actor with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host. On ESXi, exploitation is contained within the VMX sandbox; on Workstation and Fusion, it can lead to code execution on the host machine where the virtualization software is installed (VMware Advisory).

Mitigation and workarounds

Broadcom has released patches to address this vulnerability. Users should upgrade to ESXi80U3f-24784735 for ESXi 8.0, ESXi70U3w-24784741 for ESXi 7.0, Workstation Pro 17.6.4, and Fusion 13.6.4. No workarounds are available, making patching the only solution (VMware Advisory).
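
Since patching is the only remediation, the fixed releases above can be turned into an inventory check. The following Python sketch is an added example, not code from the advisory or from Broadcom. It assumes a CSV inventory with hypothetical columns `host,product,version,build`, and that ESXi build numbers only increase within a release line; the sample rows are constructed.

```python
import csv
import io

# Fixed releases as stated on this page (VMware Advisory).
FIXED_ESXI_BUILD = {"8.0": 24784735, "7.0": 24784741}
FIXED_VERSION = {"workstation": (17, 6, 4), "fusion": (13, 6, 4)}

# Constructed sample inventory: hostnames, versions and builds are made up.
SAMPLE_INVENTORY = """host,product,version,build
esx-a.example,ESXi,8.0.3,24784735
esx-b.example,ESXi,8.0.3,24022510
esx-c.example,ESXi,7.0.3,24784741
esx-d.example,ESXi,6.7.0,20497097
dev-01.example,Workstation,17.6.3,
dev-02.example,Workstation,17.6.4,
mac-01.example,Fusion,13.5.2,
mac-02.example,Fusion,13.10.0,
"""

def parse_version(text):
    """Turn '17.6.3' into (17, 6, 3) so that 13.10.0 sorts above 13.6.4."""
    return tuple(int(part) for part in text.strip().split("."))

def assess(product, version, build=""):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    product = product.strip().lower()
    try:
        ver = parse_version(version)
    except ValueError:
        return "unknown"
    if product == "esxi":
        line = ".".join(str(n) for n in ver[:2])
        fixed = FIXED_ESXI_BUILD.get(line)
        if fixed is None or not build.strip().isdigit():
            return "unknown"  # release line not listed on the page, or no build
        # Assumption: builds increase monotonically within one release line.
        return "patched" if int(build) >= fixed else "vulnerable"
    fixed = FIXED_VERSION.get(product)
    if fixed is None or ver[0] != fixed[0]:
        return "unknown"      # page only covers Workstation 17.x and Fusion 13.x
    return "patched" if ver >= fixed else "vulnerable"

def audit(inventory_csv):
    """Map each host in the CSV text to its assessment."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: assess(r["product"], r["version"], r["build"] or "") for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:16} {status}")
```

Rows reported as `unknown` are release lines the page does not list or rows missing a build number; they need manual review against the vendor advisory rather than being treated as safe.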

This report was generated using AI.