CVE-2025-41239
- EPSS 2.15%
- Veröffentlicht 15.07.2025 18:35:03
- Zuletzt bearbeitet 15.04.2026 00:35:42
VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to ex...
CVE-2025-41238
- EPSS 0.39%
- Veröffentlicht 15.07.2025 18:34:48
- Zuletzt bearbeitet 15.04.2026 00:35:42
VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit t...
CVE-2025-41237
- EPSS 0.39%
- Veröffentlicht 15.07.2025 18:34:21
- Zuletzt bearbeitet 15.04.2026 00:35:42
VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this iss...
CVE-2025-41236
- EPSS 2.17%
- Veröffentlicht 15.07.2025 18:34:12
- Zuletzt bearbeitet 15.04.2026 00:35:42
VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this i...
CVE-2025-22245
- EPSS 0.22%
- Veröffentlicht 04.06.2025 19:32:42
- Zuletzt bearbeitet 14.07.2025 17:22:07
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
CVE-2025-22244
- EPSS 0.26%
- Veröffentlicht 04.06.2025 19:32:17
- Zuletzt bearbeitet 14.07.2025 17:22:22
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
CVE-2025-22243
- EPSS 0.31%
- Veröffentlicht 04.06.2025 19:31:36
- Zuletzt bearbeitet 14.07.2025 17:22:34
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
CVE-2025-41228
- EPSS 0.79%
- Veröffentlicht 20.05.2025 14:24:34
- Zuletzt bearbeitet 15.04.2026 00:35:42
VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to...
CVE-2025-41227
- EPSS 0.15%
- Veröffentlicht 20.05.2025 14:24:29
- Zuletzt bearbeitet 15.04.2026 00:35:42
VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory o...
CVE-2025-41226
- EPSS 0.24%
- Veröffentlicht 20.05.2025 14:24:24
- Zuletzt bearbeitet 15.04.2026 00:35:42
VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to cre...