VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities

By Lerpong Intaraworrapath | July 22nd, 2025

VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877

Advisory ID: VMSA-2025-0013
Advisory Severity: Critical
CVSSv3 Range: 6.2-9.3
Synopsis: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)
Issue date: 2025-07-15
Updated on: 2025-07-15 (Initial Advisory)
CVE(s): CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239

Impacted Products

  • VMware Cloud Foundation
  • VMware vSphere Foundation
  • VMware ESXi
  • VMware Workstation Pro
  • VMware Fusion
  • VMware Tools
  • VMware Telco Cloud Platform
  • VMware Telco Cloud Infrastructure

Introduction

Multiple vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools were privately reported to Broadcom. Updates are available to remediate these vulnerabilities in affected Broadcom products. 

A. VMXNET3 integer-overflow vulnerability (CVE-2025-41236)

B. VMCI integer-underflow vulnerability (CVE-2025-41237)

C. PVSCSI heap-overflow vulnerability (CVE-2025-41238)

More here:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877

https://support.broadcom.com/web/ecx/security-advisory?

https://www.broadcom.com/support/vmware-services/security-response

https://support.broadcom.com/group/ecx/productlifecycle

https://blogs.vmware.com/security