On July 15 and 16, 2025, Broadcom disclosed four critical vulnerabilities affecting VMware's ESXi, Workstation, Fusion, and other associated products. These flaws allow attackers to escape virtual machine (VM) guest environments and execute code on hosts, posing significant risks to enterprise infrastructures globally. The flaws were identified during the Pwn2Own Tokyo 2025 event, and multiple security researchers reported nearly 100% reliability in exploiting them, raising alarms across the cybersecurity community.
The four disclosed critical VMware vulnerabilities allow attackers to escape VM environments, posing severe risks to global enterprise infrastructures.
The affected VMware products encompass a broad spectrum, including Cloud Foundation, vSphere Foundation, ESXi, Workstation Pro, Fusion, VMware Tools, and Telco Cloud platforms. The vulnerabilities, with Common Vulnerability Scoring System (CVSS) scores reaching as high as 9.3, have been classified as critical in severity. Zero-day vulnerabilities can result in substantial financial losses when exploited before patches are available.
The individual vulnerabilities include CVE-2025-41236, which permits local attackers with administrative VM access to execute arbitrary host code via a VMXNET3 virtual network adapter, and CVE-2025-41237, which allows full host compromise through an out-of-bounds write vulnerability in the VMCI process. CVE-2025-41238, related to a PVSCSI heap overflow, allows host-level code execution, whereas CVE-2025-41239 involves a lower-severity information disclosure risk, leaking sensitive data such as cryptographic keys, which could facilitate follow-on attacks. The presence of four critical vulnerabilities within a single product line emphasizes the urgency for companies to reinforce their security measures.
Remarkably, all four vulnerabilities highlight a common issue within device emulation code prevalent across VMware’s product ecosystem, broadening the potential attack surface. Additionally, the impact on systems is significant, as the most severe flaw could potentially lead to arbitrary code execution on hosts.
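Because three of the flaws sit in named emulated devices (VMXNET3, VMCI, PVSCSI), a defender can inventory which guests actually present those devices when ordering patch work. The following is an added example, not code from Broadcom or the original article; it assumes the common `.vmx` key layout (`ethernetN.virtualDev`, `scsiN.virtualDev`, `vmciN.present`) and uses a constructed sample configuration.

```python
import re

# Emulated devices named in the article, with the CVE the article ties to each.
DEVICE_CVES = {
    "vmxnet3": "CVE-2025-41236",
    "vmci": "CVE-2025-41237",
    "pvscsi": "CVE-2025-41238",
}

# A .vmx setting has the form: key = "value"
VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')

# Constructed sample configuration, not taken from a real VM.
SAMPLE_VMX = """\
displayName = "build-agent-01"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "vmxnet3"
ethernet1.present = "TRUE"
ethernet1.virtualDev = "e1000e"
scsi0.present = "TRUE"
scsi0.virtualDev = "pvscsi"
scsi1.present = "FALSE"
scsi1.virtualDev = "pvscsi"
vmci0.present = "TRUE"
"""

def parse_vmx(text):
    """Return {lowercased key: value}; lines that are not settings are skipped."""
    matches = (VMX_LINE.match(line) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in matches if m}

def exposed_devices(text):
    """Return {device: (cve, [slots])} for article-named devices enabled in the VM."""
    cfg = parse_vmx(text)
    found = {}
    for key, value in cfg.items():
        slot, _, attr = key.partition(".")
        enabled = cfg.get(slot + ".present", "").lower() == "true"
        if attr == "virtualdev" and value.lower() in DEVICE_CVES and enabled:
            found.setdefault(value.lower(), []).append(slot)
        elif attr == "present" and slot.startswith("vmci") and enabled:
            found.setdefault("vmci", []).append(slot)
    return {dev: (DEVICE_CVES[dev], sorted(s)) for dev, s in found.items()}

if __name__ == "__main__":
    for dev, (cve, slots) in sorted(exposed_devices(SAMPLE_VMX).items()):
        print(f"{dev:8} {cve}  slots={','.join(slots)}")
```

A guest that lists none of these devices still runs on a host that needs the patch; the output only helps rank which guest-administrator trust boundaries to review first.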
Mitigation efforts from VMware included the urgent release of patches addressing these vulnerabilities. VMware Tools for Windows was particularly targeted because of its vulnerability to information leaks from uninitialized memory reads.
The implications for host systems running affected software are severe, with risks of full compromise should VM guest exploitation occur. Hence, organizations utilizing these VMware products have been advised to apply patches immediately to safeguard their operations against potential attacks leveraging these vulnerabilities.