CVE-2025-62623

Summary

A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
AMDESXi 8.x and ESXi 9.x hosts using AMD-Pensando DPU productsESXi 8.0U3i, included in VCF 5.2.3.0 or 9.0.2 releasesunaffected

Weaknesses

  • CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References