Our experts keep you up-to-date on critical cyber threats (CVEs)
Broadcom has issued a security advisory (VMSA-2025-0013) describing 4 zero-day vulnerabilities in multiple VMware products, including ESXi, Workstation and Fusion. These vulnerabilities, tracked as CVE-2025-41236, CVE-2025-41237, CVE-2025-41238 and CVE-2025-41239, are already being actively exploited in practice.
The most serious vulnerability (CVE-2025-41236) is an integer overflow in the VMXNET3 network adapter. It is rated critical, with a CVSS score of 9.3.
All current VMware ESXi versions of 7.0 and 8.0 in production are vulnerable. Broadcom has released patches to address these vulnerabilities. It is essential to apply these updates immediately to ensure the security of your systems.
Available patches:
VMware ESXi 8.0: ESXi80U3f-24784735
VMware ESXi 7.0: ESXi70U3w-24784741
You can find more info on this on Broadcom's website.
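To see which hosts still run a build below the patched ones listed above, the following added example (not code from Broadcom or VanRoey) parses the banner that `vmware -v` prints on each host and compares build numbers. It assumes build numbers only increase within the 7.0 and 8.0 release lines; the hostnames and the older build numbers in the sample inventory are constructed.

```python
import re

# Patched build numbers taken from the advisory text above.
PATCHED_BUILDS = {
    "8.0": 24784735,  # ESXi80U3f-24784735
    "7.0": 24784741,  # ESXi70U3w-24784741
}

# Matches the banner printed by `vmware -v`, e.g. "VMware ESXi 8.0.3 build-24784735".
BANNER_RE = re.compile(r"VMware ESXi (\d+)\.(\d+)(?:\.\d+)* build-(\d+)")


def classify(banner):
    """Return (status, detail) for one `vmware -v` banner line."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unknown", "unparseable version string"
    line = f"{m.group(1)}.{m.group(2)}"
    build = int(m.group(3))
    required = PATCHED_BUILDS.get(line)
    if required is None:
        # The advisory text above lists patches for 7.0 and 8.0 only.
        return "unknown", f"no patched build listed for ESXi {line}"
    # Assumption: build numbers only increase within a release line.
    if build >= required:
        return "patched", f"build {build} >= {required}"
    return "vulnerable", f"build {build} < {required}"


def audit(inventory):
    """Map hostname -> status for a {hostname: banner} inventory."""
    return {host: classify(banner)[0] for host, banner in inventory.items()}


# Constructed sample inventory (hostnames and older build numbers are made up).
SAMPLE = {
    "esx-a.example.internal": "VMware ESXi 8.0.3 build-24784735",
    "esx-b.example.internal": "VMware ESXi 8.0.2 build-20000000",
    "esx-c.example.internal": "VMware ESXi 7.0.3 build-24784741",
    "esx-d.example.internal": "VMware ESXi 7.0.3 build-19000000",
    "esx-e.example.internal": "VMware ESXi 6.7.0 build-17000000",
    "esx-f.example.internal": "connection timed out",
}

if __name__ == "__main__":
    for host, banner in SAMPLE.items():
        status, detail = classify(banner)
        print(f"{host:26} {status:10} {detail}")
```

Hosts reported as "unknown" need a manual check against the Broadcom advisory rather than being treated as safe.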
What does VanRoey do?
Our security baseline significantly reduces the impact of these types of vulnerabilities by working with strict access control, network segmentation and the Zero Trust principle. Nevertheless, it is still advisable to implement available updates as soon as possible.