Critical VMware vulnerabilities enable Virtual Machine escape, host compromise
Take action: If you are running VMware on your laptop, PC or servers, read this advisory. There are some very nasty flaws that enable a user (or process) on a VMware guest OS to breach the isolation and attack the host. Time to patch VERY QUICKLY. Isolation doesn't work because the attacker will already have access to the VMware system.
Learn More
Broadcom has addressed multiple critical security vulnerabilities in VMware's virtualization platform that could allow attackers to escape from virtual machines and execute malicious code on host systems. The vulnerabilities were presented during the Pwn2Own 2025 competition in Berlin, Germany.
Vulnerabilities summary
- CVE-2025-41236 (CVSS score 9.3) - integer-overflow vulnerability that affects the VMXNET3 virtual network adapter in VMware ESXi, Workstation, and Fusion. A malicious actor with local administrative privileges on a virtual machine using the VMXNET3 virtual network adapter can exploit this issue to execute arbitrary code on the host system. VMXNET3 is VMware's default and most widely used virtual network adapter.
- CVE-2025-41237 (CVSS score 9.3) - integer-underflow vulnerability that affects the Virtual Machine Communication Interface (VMCI) in VMware ESXi, Workstation, and Fusion. Attackers with local administrative privileges on a virtual machine can exploit this issue to execute code as the virtual machine's VMX process running on the host. ESXi contains the exploitation within the VMX sandbox but Workstation and Fusion deployments are vulnerable to complete host compromise.
- CVE-2025-41238 (CVSS score 9.3) - heap-overflow vulnerability that affects the Paravirtualized SCSI (PVSCSI) controller in VMware ESXi, Workstation, and Fusion. Attackers with local administrative privileges on a virtual machine can exploit this vulnerability to execute code as the virtual machine's VMX process on the host. ESXi implementations are only vulnerable with unsupported configurations, but Workstation and Fusion are fully exposed to host-level code execution.
- CVE-2025-41239 (CVSS score 7.1) - information-disclosure vulnerability that affects VMware ESXi, Workstation, Fusion, and VMware Tools due to the usage of uninitialized memory in vSockets. Attackers with local administrative privileges on a virtual machine can exploit this issue to leak memory from processes communicating with vSockets, exposing sensitive information including cryptographic keys, authentication tokens, and memory contents that could be used in other attacks.
The vulnerabilities impact multiple VMware products with different deployment scenarios:
- VMware Cloud Foundation and vSphere Foundation 9.0.0.0 are unaffected by CVE-2025-41236, CVE-2025-41238, and CVE-2025-41239, but are vulnerable to CVE-2025-41237.
- VMware ESXi versions 7.0 and 8.0 are affected by all four vulnerabilities.
- VMware Workstation Pro 17.x and VMware Fusion 13.x are vulnerable to all four vulnerabilities.
- VMware Tools for Windows (versions 13.x.x, 12.x.x, and 11.x.x) are affected by CVE-2025-41239. VMware Tools for Linux and macOS versions are not affected.
- VMware Cloud Foundation 5.x and 4.5.x, VMware Telco Cloud Platform (versions 5.x through 2.x), and VMware Telco Cloud Infrastructure (versions 3.x and 2.x) are also affected.
Broadcom has released patches for all affected products and versions.
- VMware ESXi 8.0 should be updated to ESXi80U3f-24784735 or ESXi80U2e-24789317.
- VMware ESXi 7.0 should be updated to ESXi70U3w-24784741.
- VMware Workstation Pro should be updated to 17.6.4.
- VMware Fusion should be updated to 13.6.4.
- VMware Tools for Windows should be updated to 13.0.1.0 or 12.5.3.
- VMware Cloud Foundation deployments can apply asynchronous patches following the guidance in knowledge base article KB88287.
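A patch-status check built from the fixed releases listed above, as an added example that is not Broadcom's or this advisory's own tooling. The product keys, the "8.0U3" update-line notation and the sample inventory are assumptions made for illustration; ESXi builds are compared only within their own update line, because the U2e fix build is numerically higher than the U3f one.

```python
# Fixed releases are copied from the advisory above. Product keys, the
# "8.0U3" update-line format and all inventory rows are constructed/assumed.
ESXI_FIXED_BUILD = {"8.0U3": 24784735, "8.0U2": 24789317, "7.0U3": 24784741}
# Major branch -> first fixed version; None = affected branch with no fix named in it.
FIXED_VERSION = {
    "workstation": {17: (17, 6, 4)},
    "fusion": {13: (13, 6, 4)},
    "tools-windows": {13: (13, 0, 1, 0), 12: (12, 5, 3), 11: None},
}
NOT_AFFECTED = {"tools-linux", "tools-macos"}

def status(product, version, build=None):
    """Classify one record as patched, vulnerable, not-affected or review."""
    if product in NOT_AFFECTED:
        return "not-affected"
    if product == "esxi":
        fixed_build = ESXI_FIXED_BUILD.get(version)
        if fixed_build is None or build is None:
            return "review"  # update line or build the advisory does not cover
        # Compare within one update line only; a single global minimum would be wrong.
        return "patched" if build >= fixed_build else "vulnerable"
    branches = FIXED_VERSION.get(product)
    if branches is None:
        return "review"
    installed = tuple(int(part) for part in version.split("."))
    if installed[0] not in branches:
        return "review"
    fixed = branches[installed[0]]
    if fixed is None:
        return "vulnerable"  # must move to a branch that has a fixed release
    width = max(len(installed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return "patched" if pad(installed) >= pad(fixed) else "vulnerable"

def triage(inventory):
    """Return (name, status) for every record that still needs attention."""
    results = [(r["name"], status(r["product"], r["version"], r.get("build"))) for r in inventory]
    return [(n, s) for n, s in results if s not in ("patched", "not-affected")]

SAMPLE_INVENTORY = [  # constructed hosts, not real systems
    {"name": "esx-a", "product": "esxi", "version": "8.0U3", "build": 24784735},
    {"name": "esx-b", "product": "esxi", "version": "8.0U2", "build": 24784735},
    {"name": "dev-laptop", "product": "workstation", "version": "17.6.3"},
    {"name": "win-vm", "product": "tools-windows", "version": "11.3.5"},
]

if __name__ == "__main__":
    for name, state in triage(SAMPLE_INVENTORY):
        print(f"{name}: {state}")
```

Records that come back as "review" are on an update line or branch the advisory does not name and need a manual check against the vendor guidance.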
No workarounds are available for any of the identified vulnerabilities.
The vulnerabilities were demonstrated during Pwn2Own 2025 with near-perfect reliability rates. Proof-of-concept exploits already exist and could be weaponized by hackers.