VMware ESXi, Workstation, Fusion, and VMware Tools... · CVE-2025-41239 · GitHub Advisory Database · GitHub

VMware ESXi, Workstation, Fusion, and VMware Tools...

High severity Unreviewed Published Jul 15, 2025 to the GitHub Advisory Database • Updated Jul 15, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets.

References

Published by the National Vulnerability Database

Jul 15, 2025

Published to the GitHub Advisory Database Jul 15, 2025

Last updated Jul 15, 2025

Severity

High

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N