HomeTechnologyVMware fixes 4 ESXi zero-day bugs exploited at Pwn2Own Berlin
Technology

VMware fixes 4 ESXi zero-day bugs exploited at Pwn2Own Berlin

By Jules Jackson
0
6
VMware fixes 4 ESXi zero-day bugs exploited at Pwn2Own Berlin


VMware fixes 4 ESXi zero-day bugs exploited at Pwn2Own Berlin

VMware mounted 4 vulnerabilities in VMware ESXi, Workstation, Fusion, and Instruments that had been exploited as zero-days through the Pwn2Own Berlin 2025 hacking contest in Could 2025.

Three of the patched flaws have a severity ranking of 9.3, as they permit applications operating in a visitor digital machine to execute instructions on the host. These flaws are tracked as CVE-2025-41236, CVE-2025-41237, and CVE-2025-41238.

These flaws are described within the safety advisory as:

  • CVE-2025-41236: VMware ESXi, Workstation, and Fusion comprise an integer-overflow vulnerability within the VMXNET3 digital community adapter. Nguyen Hoang Thach of STARLabs SG used this flaw at Pwn2Own.

  • CVE-2025-41237: VMware ESXi, Workstation, and Fusion comprise an integer-underflow in VMCI (Digital Machine Communication Interface) that results in an out-of-bounds write. This flaw was utilized by Corentin BAYET of REverse Ways at Pwn2Own.

  • CVE-2025-41238: VMware ESXi, Workstation, and Fusion comprise a heap-overflow vulnerability within the PVSCSI (Paravirtualized SCSI) controller that results in an out of-bounds write. A malicious actor with native administrative privileges on a digital machine might exploit this problem to execute code because the digital machine’s VMX course of operating on the host. Thomas Bouzerar and Etienne Helluy-Lafont of Synacktiv at Pwn2Own used this flaw.

The fourth flaw, tracked as CVE-2025-41239, acquired a 7.1 ranking as it’s an data disclosure. It was additionally found by Corentin BAYET of REverse Ways, who chained with CVE-2025-41237 through the hacking contest.

VMware has not offered any workarounds, and the one solution to repair these vulnerabilities is to put in the brand new variations of the software program.

It ought to be famous that CVE-2025-41239 impacts VMware Instruments for Home windows, which requires a totally different improve course of.

These vulnerabilities had been demonstrated as zero-days through the Pwn2Own Berlin 2025 hacking contest, the place safety researchers collected $1,078,750 after exploiting 29 zero-day vulnerabilities.


Wiz

Comprise rising threats in actual time – earlier than they affect what you are promoting.

Learn the way cloud detection and response (CDR) offers safety groups the sting they want on this sensible, no-nonsense information.

Previous article👽 glass of minions・ STL File for 3D printing・Cults
Next article‘Utopian’ metropolis California Perpetually proclaims large tech manufacturing park 
Jules Jacksonhttps://expertlifetips.com
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Load more

Recent Comments

ABOUT US

Expertlifetips is your technology, gadget, and 3D printing website. We provide you with the latest breaking news and videos straight from the technology industry.

POPULAR POSTS

POPULAR CATEGORY

Copyrights 2025 © expertlifetips.com. All rights reserved.