9.3
CVE-2025-41236
- EPSS 0.13%
- Veröffentlicht 15.07.2025 18:34:12
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle security@vmware.com
- CVE-Watchlists
- Unerledigt
VMXNET3 integer-overflow vulnerability
VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerVMware
≫
Produkt
ESXi
Default Statusunaffected
Version
8.0
Version <
ESXi80U3f-24784735
Status
affected
Version
8.0
Version <
ESXi80U2e-24789317
Status
affected
Version
7.0
Version <
ESXi70U3w-24784741
Status
affected
HerstellerVMware
≫
Produkt
Cloud Foundation
Default Statusunaffected
Version
5.x, 4.5.x
Status
affected
HerstellerVMware
≫
Produkt
Workstation
Default Statusunaffected
Version
17.x
Version <
17.6.4
Status
affected
HerstellerVMware
≫
Produkt
Fusion
Default Statusunaffected
Version <=
13.6.4
Version
13.x
Status
affected
HerstellerVMware
≫
Produkt
Telco Cloud Platform
Default Statusunaffected
Version
5.x, 4.x, 3.x, 2.x
Status
affected
HerstellerVMware
≫
Produkt
Telco Cloud Infrastructure
Default Statusunaffected
Version
3.x, 2.x
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.316 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@vmware.com | 9.3 | 2.5 | 6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.