CVE-2025-41239
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| VMware | ESXi | 8.0 < ESXi80U3f-24784735 | affected |
| VMware | ESXi | 8.0 < ESXi80U2e-24789317 | affected |
| VMware | ESXi | 7.0 < ESXi70U3w-24784741 | affected |
| VMware | Cloud Foundation | 5.x, 4.5.x | affected |
| VMware | Workstation | 17.x < 17.6.4 | affected |
| VMware | Fusion | 13.x < 13.6.4 | affected |
| VMware | Telco Cloud Platform | 5.x, 4.x, 3.x, 2.x | affected |
| VMware | Telco Cloud Infrastructure | 3.x, 2.x | affected |
| VMware | Tools | 13.x.x < 13.0.1.0 | affected |
| VMware | Tools | 12.x.x, 11.x.x, < 12.5.3 | affected |
Weaknesses
- CWE-908: CWE-908 Use of Uninitialized Resource
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.