VMware Product Security Update Advisory

Overview

We have released security updates to fix vulnerabilities in VMware products. Users of affected products are advised to update to the latest version.

 

Affected Products

CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239

 

VMware Cloud Foundation (ESX) Version: 9.0.0.0
VMware Cloud Foundation on Windows (VMware Tools) Version: 13.0.0.0
VMware vSphere Foundation (ESX) Version: 9.0.0.0
VMware vSphere Foundation on Windows (VMware Tools) Version: 13.0.0.0
VMware ESXi Version: 8.0
VMware ESXi Version: 7.0
VMware Workstation Version: 17.0 or later
VMware Fusion Version: 13.0 or later
VMware Cloud Foundation Version: 5.0 or later
VMware Cloud Foundation Version: 4.5.0 or later
VMware Telco Cloud Platform Version: 5.0 or later
VMware Telco Cloud Platform Version: 4.0 or later
VMware Telco Cloud Platform Version: 3.0 or later
VMware Telco Cloud Platform Version: 2.0 and later
VMware Telco Cloud Infrastructure Version: 3.0 and later
VMware Telco Cloud Infrastructure Version: 2.0 or later
VMware Tools on Windows Version: 13.0.0 or later
VMware Tools on Windows Version: 12.0.0 or later
VMware Tools on Windows Version: 11.0.0 or later

 

 

Resolved Vulnerabilities

Integer Overflow Vulnerability in VMXNET3 Virtual Network Adapter in VMware ESXi, Workstation, and Fusion (CVE-2025-41236)
Integer Underflow Vulnerability in VMCI in VMware ESXi, Workstation, and Fusion (CVE-2025-41237)
Heap Overflow Vulnerability in PVSCSI Controller in VMware ESXi, Workstation, and Fusion (CVE-2025-41238)
Memory Information Leak Vulnerability in vSockets in VMware ESXi, Workstation, Fusion, and VMware Tools (CVE-2025-41239)
 

 

Vulnerability Patches

 

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-41236, CVE-2025-41237, cCVE-2025-41238, CVE-2025-41239

 

VMware Cloud Foundation (ESX), VMware vSphere Foundation (ESX) version: ESXi-9.0.0.0100-24813472
VMware Cloud Foundation on Windows (VMware Tools) Version: 13.0.1.0
VMware vSphere Foundation on Windows (VMware Tools) Version: 13.0.1.0
VMware ESXi, VMware Cloud Foundation, VMware Telco Cloud Platform Version: ESXi80U3f-24784735
VMware ESXi Version: ESXi80U2e-24789317
VMware ESXi, VMware Cloud Foundation, VMware Telco Cloud Platform, VMware Telco Cloud Infrastructure Version: ESXi70U3w – 24784741
VMware Workstation Version: 17.6.4
VMware Fusion Version: 13.6.4
VMware Tools on Windows Version: 13.0.1.0
VMware Tools on Windows Version: 12.5.3

References

[1] VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877