VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.
Metrics
Affected Vendors & Products
References
History
Wed, 16 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
Tue, 15 Jul 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 15 Jul 2025 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue. | |
Title | VMXNET3 integer-overflow vulnerability | |
Weaknesses | CWE-787 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: vmware
Published: 2025-07-15T18:34:12.719Z
Updated: 2025-07-16T03:55:58.257Z
Reserved: 2025-04-16T09:30:17.798Z
Link: CVE-2025-41236

Updated: 2025-07-15T20:45:34.233Z

Status : Awaiting Analysis
Published: 2025-07-15T19:15:21.303
Modified: 2025-07-15T20:07:28.023
Link: CVE-2025-41236

No data.