CVE-2025-41239

HIGH

VMware ESXi, Workstation, Fusion, VMware Tools - Info Disclosure

Title source: llm

Description

VMware ESXi, Workstation, Fusion, and VMware Tools contain an information disclosure vulnerability due to the use of uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets.

Scores

CVSS v3 7.1
EPSS 0.0006
EPSS Percentile 18.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-908
Status published
Products (10)
VMware/Cloud Foundation 5.x, 4.5.x
VMware/ESXi 7.0 - ESXi70U3w-24784741
VMware/ESXi 8.0 - ESXi80U2e-24789317
VMware/ESXi 8.0 - ESXi80U3f-24784735
VMware/Fusion 13.x - 13.6.4
VMware/Telco Cloud Infrastructure 3.x, 2.x
VMware/Telco Cloud Platform 5.x, 4.x, 3.x, 2.x
VMware/Tools 12.x.x, 11.x.x, - 12.5.3
VMware/Tools 13.x.x - 13.0.1.0
VMware/Workstation 17.x - 17.6.4
Published Jul 15, 2025
Tracked Since Feb 18, 2026