CVE-2025-41226

Summary

VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to create a denial-of-service condition of guest VMs with VMware Tools running and guest operations enabled.

Affected Software

VendorProductVersion RangeStatus
VMwareESXi8.0 < ESXi80U3se-24659227affected
VMwareESXi7.0 < ESXi70U3sv-24723868affected
VMwareCloud Foundation5.x, 4.5.xaffected
VMwareTelco Cloud Platform5.x, 4.x, 3.x, 2.xaffected
VMwareTelco Cloud Infrastructure3.x, 2.xaffected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References