
Back in May, at Pwn2Own Berlin 2025, a couple of new vulnerabilities in VMware ESXi, Workstation/Fusion and VMware Tools were successfully exploited.
Today Broadcom has released a new security advisory, VMSA-2025-0013, that specifically addresses these vulnerabilities.
The fixed vulnerabilities are as follows, with the corresponding CVSSv3 scores:
VMXNET3 integer-overflow vulnerability (CVE-2025-41236)
Maximum CVSSv3 base score of 9.3.
VMCI integer-underflow vulnerability (CVE-2025-41237)
Maximum CVSSv3 base score of 9.3.
PVSCSI heap-overflow vulnerability (CVE-2025-41238)
Maximum CVSSv3 base score of 9.3.
vSockets information-disclosure vulnerability (CVE-2025-41239)
CVSSv3 base score of 7.1.
Comments
With CVSSv3 scores potentially as high as 9.3, it’s important to get all systems patched as soon as possible, before these vulnerabilities get exploited in the wild.
Broadcom has also created its own FAQ page with more details, VMSA-2025-0013: Questions & Answers, which covers a lot of good information.
This bullet point in the FAQ in particular highlights the danger that this poses:
- Is this a “VM Escape?”
Yes. This is a situation where an attacker who has already compromised a virtual machine’s guest OS and gained privileged access (administrator or root) could escape into the hypervisor itself. These issues are resolved by updating ESX.
The short of it is that ALL ESXi/ESX and VMware Tools versions are affected by this and need to be patched ASAP.