VMware ESXi Vulnerabilities 07/2025
Our experts keep you up-to-date on critical cyber threats (CVEs)
Broadcom has issued a security advisory (VMSA-2025-0013) describing 4 zero-day vulnerabilities in multiple VMware products, including ESXi, Workstation and Fusion. These vulnerabilities, referred to as CVE-2025-41236, CVE-2025-41237, CVE-2025-41238 and CVE-2025-41239, are already being actively exploited in practice.
The most serious vulnerability (CVE-2025-41236) concerns an integer overflow in the VMXNET3 network adapter. This is a very critical vulnerability with a CVSS score of 9.3.
Take action
All current VMware ESXi versions of 7.0 and 8.0 in production are vulnerable. Broadcom has released patches to address these vulnerabilities. It is essential to apply these updates immediately to ensure the security of your systems.
Available patches:
- VMware ESXi 8.0: ESXi80U3f-24784735
- VMware ESXi 7.0: ESXi70U3w-24784741
You can find more info on this on Broadcom's website.
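To check hosts against the patch builds listed above, the following added example (not code from Broadcom or VanRoey) parses the output of `esxcli system version get` and compares the build number with the fixed build for that release line. It assumes that a build number equal to or higher than the listed one within the same release line contains the fix; the host names and sample outputs are constructed.

```python
import re

# First patched build per release line, as listed on this page.
FIXED_BUILDS = {"8.0": 24784735, "7.0": 24784741}


def _sample(version, build):
    """Build a constructed `esxcli system version get` output for the demo."""
    return (f"   Product: VMware ESXi\n   Version: {version}\n"
            f"   Build: Releasebuild-{build}\n   Update: 3\n")


# Constructed sample data: hypothetical hosts, not taken from a real environment.
SAMPLES = {
    "esx-a": _sample("8.0.3", 24022510),
    "esx-b": _sample("8.0.3", 24784735),
    "esx-c": _sample("7.0.3", 24723872),
    "esx-d": _sample("6.7.0", 20497097),
}


def parse_version(output):
    """Return (release_line, build) from `esxcli system version get` text."""
    version = re.search(r"^\s*Version:\s*(\d+)\.(\d+)", output, re.M)
    build = re.search(r"^\s*Build:\s*(?:\w+-)?(\d+)", output, re.M)
    if not version or not build:
        raise ValueError("unrecognised esxcli version output")
    return f"{version.group(1)}.{version.group(2)}", int(build.group(1))


def classify(output):
    """Classify one host as PATCHED, VULNERABLE or NOT_COVERED."""
    line, build = parse_version(output)
    fixed = FIXED_BUILDS.get(line)
    if fixed is None:
        # No patch for this release line is listed on this page: review manually.
        return "NOT_COVERED"
    # Assumption: builds increase monotonically within a release line.
    return "PATCHED" if build >= fixed else "VULNERABLE"


def audit(outputs):
    """Map each host name to its classification."""
    return {host: classify(text) for host, text in outputs.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLES).items()):
        print(f"{host}: {status}")
```

Hosts reported as `NOT_COVERED` run a release line for which this page lists no patch and need to be checked against Broadcom's advisory directly.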
What does VanRoey do?
Our security baseline significantly reduces the impact of these types of vulnerabilities by working with strict access control, network segmentation and the Zero Trust principle. Nevertheless, it is still advisable to implement available updates as soon as possible.
- Customers who use our Managed Services can rest assured: we are taking (or have already taken) the necessary steps to secure your environment.
- If you do not have a Managed contract:
  - you will either have to take the necessary measures yourself;
  - or you can call on our expertise to fix it. Please do not hesitate to create a ticket or contact us at support@vanroey.be.