VMware ESXi

CVEs (7)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-41238	Broadcom Corporation VMware ESXi	Cri	0.60	9.3	0.00	Jul 15, 2025	VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as…
CVE-2025-41239	Broadcom Corporation VMware ESXi	Hig	0.46	7.1	0.00	Jul 15, 2025	VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak…
CVE-2025-41226	Broadcom Corporation VMware ESXi	Med	0.44	6.8	0.00	May 20, 2025	VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to create a denial-of-service…
CVE-2017-4940	VMware ESXi Host Client	Med	0.40	6.1	0.00	Dec 20, 2017	The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting…
CVE-2025-41227	Broadcom Corporation VMware ESXi	Med	0.36	5.5	0.00	May 20, 2025	VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading…
CVE-2025-41228	Broadcom Corporation VMware ESXi	Med	0.31	4.3	0.06	May 20, 2025	VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect…
CVE-2007-5671	VMware Workstation		0.00	—	0.00	Jun 5, 2008	HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments…

CVE-2025-41238CriJul 15, 2025
Broadcom Corporation
VMware ESXi
risk 0.60cvss 9.3epss 0.00
VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as…
CVE-2025-41239HigJul 15, 2025
Broadcom Corporation
VMware ESXi
risk 0.46cvss 7.1epss 0.00
VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak…
CVE-2025-41226MedMay 20, 2025
Broadcom Corporation
VMware ESXi
risk 0.44cvss 6.8epss 0.00
VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to create a denial-of-service…
CVE-2017-4940MedDec 20, 2017
VMware
ESXi Host Client
risk 0.40cvss 6.1epss 0.00
The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting…
CVE-2025-41227MedMay 20, 2025
Broadcom Corporation
VMware ESXi
risk 0.36cvss 5.5epss 0.00
VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading…
CVE-2025-41228MedMay 20, 2025
Broadcom Corporation
VMware ESXi
risk 0.31cvss 4.3epss 0.06
VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect…
CVE-2007-5671Jun 5, 2008
VMware
Workstation
risk 0.00cvss —epss 0.00
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments…