CVE-2025-41237
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-15
Assigner: VMware
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vmware | fusion | * |
| vmware | workstation | * |
| vmware | esxi | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer underflow in VMware's VMCI (Virtual Machine Communication Interface) that causes an out-of-bounds write. A malicious user with local administrative privileges on a virtual machine can exploit this flaw to execute code as the VMX process on the host. On ESXi, exploitation is contained within the VMX sandbox, but on Workstation and Fusion it can lead to code execution on the host machine where these products are installed.
How can this vulnerability impact me?
If exploited, this vulnerability allows an attacker with local admin access on a virtual machine to execute arbitrary code as the VMX process on the host. This can lead to compromise of the virtual machine's VMX process or, on Workstation and Fusion, full compromise of the host system, potentially resulting in data loss, unauthorized access, or disruption of services.