CVE-2025-41239: 
VMware Workstation vulnerability analysis and mitigation

VMware ESXi, Workstation, Fusion, and VMware Tools contain an information disclosure vulnerability (CVE-2025-41239) due to the usage of an uninitialized memory in vSockets. The vulnerability was discovered during the Pwn2Own Berlin 2025 hacking contest and disclosed on July 15, 2025. The affected products include VMware Cloud Foundation, vSphere Foundation, ESXi, Workstation Pro, Fusion, VMware Tools, VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure (VMware Advisory).

The vulnerability exists in the vSockets communication mechanism and results from the usage of uninitialized memory. It has received a CVSS v3.1 base score of 7.1 (Important) for ESXi, Workstation, and Fusion, and 6.2 (Moderate) for VMware Tools. The vulnerability specifically affects VMware Tools for Windows across versions 11.x, 12.x, and 13.x, while Linux and macOS implementations remain unaffected (VMware Advisory, Bleeping Computer).

A malicious actor with local administrative privileges on a virtual machine can exploit this vulnerability to leak memory from processes communicating with vSockets. This could potentially expose sensitive information including cryptographic keys and kernel pointers, which might facilitate other attacks (GBHackers, VMware Advisory).

Broadcom has released patches to address this vulnerability. Users should upgrade to VMware Tools 13.0.1.0 for version 13.x systems, and VMware Tools 12.5.3 for versions 12.x and 11.x. No workarounds are available, making it essential to apply the provided patches. Organizations must update both hypervisor and Tools components, as updating only the hypervisor leaves the information disclosure vulnerability active (VMware Advisory).