【Vulnerability Alert】VMware ESXi, Workstation, Fusion, and Tools Have 3 Major Security Vulnerabilities

• Subject: 【Vulnerability Alert】VMware ESXi, Workstation, Fusion, and Tools Have 3 Major Security Vulnerabilities

• Content Description:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202507-00000011
  1. 【CVE-2025-41236, CVSS: 9.3】 VMware ESXi, Workstation, and Fusion's VMXNET3 virtual network adapter has an integer overflow vulnerability.
  2. 【CVE-2025-41237, CVSS: 9.3】 VMware ESXi, Workstation, and Fusion's VMCI has an integer underflow vulnerability, which may lead to out-of-bounds writes.
  3. 【CVE-2025-41238, CVSS: 9.3】 VMware ESXi, Workstation, and Fusion's PVSCSI controller has a stack overflow vulnerability, which may lead to out-of-bounds writes.
• Affected Platforms:
  • VMware Cloud Foundation
  • VMware vSphere Foundation
  • VMware ESXi
  • VMware Workstation Pro
  • VMware Fusion
  • VMware Tools
  • VMware Telco Cloud Platform
  • VMware Telco Cloud Infrastructure
• Suggested Measures:
  • Apply the solutions released on the official website: https://support.broadcom.com/web/ecx/support-content-notification/-1

Computer and Communications Center
Network Systems Division Respectfully