CVE-2025-62627

Summary

An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co-located guest VM memory, potentially resulting in loss of confidentiality or availability.

Affected Software

VendorProductVersion RangeStatus
AMDESXi 8.x and ESXi 9.x hosts using AMD-Pensando DPU productsESXi 8.0U3i, included in VCF 5.2.3.0 or 9.0.2 releasesunaffected

Weaknesses

  • CWE-822: CWE-822 Untrusted Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References