VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
Metrics
Affected Vendors & Products
References
History
Wed, 16 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
Tue, 15 Jul 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 15 Jul 2025 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. | |
Title | VMCI integer-underflow vulnerability | |
Weaknesses | CWE-787 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: vmware
Published: 2025-07-15T18:34:21.083Z
Updated: 2025-07-16T03:55:59.690Z
Reserved: 2025-04-16T09:30:17.798Z
Link: CVE-2025-41237

Updated: 2025-07-15T20:45:55.006Z

Status : Awaiting Analysis
Published: 2025-07-15T19:15:22.263
Modified: 2025-07-15T20:07:28.023
Link: CVE-2025-41237

No data.