VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities

By Lerpong Intaraworrapath | July 22nd, 2025

VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877

Advisory ID: VMSA-2025-0013
Advisory Severity: Critical
CVSSv3 Range: 6.2-9.3
Synopsis: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)
Issue date: 2025-07-15
Updated on: 2025-07-15 (Initial Advisory)
CVE(s): CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239

Impacted Products

  • VMware Cloud Foundation
  • VMware vSphere Foundation
  • VMware ESXi
  • VMware Workstation Pro
  • VMware Fusion
  • VMware Tools
  • VMware Telco Cloud Platform
  • VMware Telco Cloud Infrastructure

Introduction

Multiple vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools were privately reported to Broadcom. Updates are available to remediate these vulnerabilities in affected Broadcom products. 

A. VMXNET3 integer-overflow vulnerability (CVE-2025-41236)

B. VMCI integer-underflow vulnerability (CVE-2025-41237)

C. PVSCSI heap-overflow vulnerability (CVE-2025-41238)

More here:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877

https://support.broadcom.com/web/ecx/security-advisory?

https://www.broadcom.com/support/vmware-services/security-response

https://support.broadcom.com/group/ecx/productlifecycle

https://blogs.vmware.com/security


VMware Aria Operations 8.18 Hot Fix 6

By Lerpong Intaraworrapath | 16th June 2025

Please be notified that VMware has released Aria Operations 8.18 HF6, which fixes a few problems and addresses numerous CVEs.

https://knowledge.broadcom.com/external/article?articleId=398034

https://support.broadcom.com/web/ecx/solutiondetails?patchId=5858

It may be applied to any 8.18.x environment and when applied will move you to 8.18.3 (24746341).

How to get the Pre-Upgrade Assessment Tool and Patch file?

  • Note: the steps below download the patch file, which you can apply directly to VMware Aria Operations.

1. Go to https://support.broadcom.com and sign in using your credentials.

2. Go to “My Download” and select “VMware”.

3. Type “Aria” and then click “Show Results”.

4. Select “VMware Aria Operations”.

5. Select “Solutions” and then “VMware Aria Operations”.

6. Go to “VMware-Aria-Operations-8.18-HF6”.

7. Download 2 files.

   1. APUAT-for-8.14.x-8.18.3.24576666.pak – Pre-Upgrade Readiness Assessment Tool for VMware Aria Operations
      https://knowledge.broadcom.com/external/article/324358/using-the-preupgrade-readiness-assessmen.html
   2. vRealize_Operations_Manager_With_CP-8.14.x-to-8.18.3.24746337.pak – Patch file

8. Once downloaded, use the Admin UI at https://your_ops_fqdn_here/admin. Navigate to Software Update – INSTALL A SOFTWARE UPDATE and point it to your APUAT pak file.

9. Then apply HF6 via the Software Update page: BROWSE to your patch file.

Reference

https://knowledge.broadcom.com/external/article?articleId=398034

https://knowledge.broadcom.com/external/article?articleNumber=342576

https://support.broadcom.com/web/ecx/solutiondetails?patchId=5858


VMware Cloud Foundation 9

By Lerpong Intaraworrapath | 2nd July 2025

As of today, VMware Cloud Foundation 9.0 is generally available.

VMware Cloud Foundation 9 (VCF 9) is being developed with the intention of simplifying how businesses deploy and manage contemporary infrastructure. It will enable enterprises to manage their whole infrastructure as a single, integrated system.

What’s New in VMware Cloud Foundation 9.0

https://blogs.vmware.com/cloud-foundation/2025/06/17/whats-new-in-vmware-cloud-foundation-9-0

Introducing VMware Cloud Foundation 9

https://blogs.vmware.com/cloud-foundation/2024/08/27/vmware-cloud-foundation-9

Broadcom TechDocs

https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-9-0-and-later/9-0.html