VMware fixed four vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools that were exploited as zero-days during the Pwn2Own Berlin 2025 hacking contest in May 2025.
Three of the patched flaws have a severity rating of 9.3, as they allow programs running in a guest virtual machine to execute commands on the host. These flaws are tracked as CVE-2025-41236, CVE-2025-41237, and CVE-2025-41238.
These flaws are described in the security advisory as:
- CVE-2025-41236: VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. Nguyen Hoang Thach of STARLabs SG used this flaw at Pwn2Own.
- CVE-2025-41237: VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. This flaw was used by Corentin BAYET of REverse Tactics at Pwn2Own.
- CVE-2025-41238: VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. Thomas Bouzerar and Etienne Helluy-Lafont of Synacktiv at Pwn2Own used this flaw.
The fourth flaw, tracked as CVE-2025-41239, received a 7.1 rating as it is an information disclosure. It was also discovered by Corentin BAYET of REverse Tactics, who chained with CVE-2025-41237 during the hacking contest.
VMware has not provided any workarounds, and the only way to fix these vulnerabilities is to install the new versions of the software.
It should be noted that CVE-2025-41239 impacts VMware Tools for Windows, which requires a different upgrade process.
These vulnerabilities were demonstrated as zero-days during the Pwn2Own Berlin 2025 hacking contest, where security researchers collected $1,078,750 after exploiting 29 zero-day vulnerabilities.
CISOs know that getting board buy-in starts with a clear, strategic view of how cloud security drives business value.
This free, editable board report deck helps security leaders present risk, impact, and priorities in clear business terms. Turn security updates into meaningful conversations and faster decision-making in the boardroom.
