Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-41236

VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.

Published

2025-07-15T19:15:21.303

Last Modified

2025-07-15T20:07:28.023

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 9.3 (CRITICAL)

Weaknesses

Type: Secondary
CWE-787

Affected Vendors & Products

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877 ([email protected])