VMSA-2025-0010 : VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)

Advisory ID:  VMSA-2025-0010
Advisory Severity: Important
CVSSv3 Range: 4.3-8.8
Synopsis: VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)
Issue date: 2025-05-20
Updated on: 2025-05-20 (Initial Advisory)
CVE(s)

CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228

1. Impacted Products

  • VMware ESXi
  • VMware vCenter Server
  • VMware Workstation Pro 
  • VMware Fusion
  • VMware Cloud Foundation
  • VMware Telco Cloud Platform
  • VMware Telco Cloud Infrastructure

2. Introduction

Multiple vulnerabilities in ESXi, vCenter Server, and Workstation were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

3a. VMware vCenter Server authenticated command-execution vulnerability (CVE-2025-41225)

Description:
The vCenter Server contains an authenticated command-execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8.

Known Attack Vectors:
A malicious actor with privileges to create or modify alarms and to run script actions may exploit this issue to run arbitrary commands on the vCenter Server.

Resolution:
To remediate CVE-2025-41225 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgments:
VMware would like to thank Oliver Bachtik and Bert De Bruijn for reporting this issue to us.

Notes:
None.

3b. Guest Operations Denial-of-Service Vulnerability (CVE-2025-41226) 

Description:
VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.8.

Known Attack Vectors:
A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi, may trigger this issue to create a denial-of-service condition on guest VMs with VMware Tools running and guest operations enabled.

Resolution:
To remediate CVE-2025-41226 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgments:
VMware would like to thank security researcher Tom Jøran Sønstebyseter Rønning (@L1v1ng0ffTh3L4N) of Statnett (Norway) and Uros Orozel for independently reporting this issue to us.

Notes:
None.

3c. Denial-of-Service Vulnerability (CVE-2025-41227) 

Description:
VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.5.

Known Attack Vectors:
A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition.

Resolution:
To remediate CVE-2025-41227 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgments:
VMware would like to thank the National Security Agency for reporting this issue to us.

Notes:
None.

3d. VMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability (CVE-2025-41228) 

Description:
VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.

Known Attack Vectors:
A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious websites.

Resolution:
To remediate CVE-2025-41228 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgments:
VMware would like to thank Huang for reporting this issue to us.

Notes:
None.

Response Matrix:

| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| vCenter Server | 8.0 | Any | CVE-2025-41225, CVE-2025-41228 | 8.8, 4.3 | Important | 8.0 U3e | None | None |
| vCenter Server | 7.0 | Any | CVE-2025-41225 | 8.8 | Important | 7.0 U3v | None | None |
| VMware ESXi | 8.0 | Any | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate | ESXi80U3se-24659227 | None | None |
| VMware ESXi | 7.0 | Any | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate | ESXi70U3sv-24723868 | None | None |
| VMware Cloud Foundation (vCenter) | 5.x | Any | CVE-2025-41225, CVE-2025-41228 | 8.8, 4.3 | Important | Async patch to 8.0 U3e | None | Async Patching Guide: KB88287 |
| VMware Cloud Foundation (vCenter) | 4.5.x | Any | CVE-2025-41225 | 8.8 | Important | Async patch to 7.0 U3v | None | Async Patching Guide: KB88287 |
| VMware Cloud Foundation (ESXi) | 5.x | Any | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate | Async patch to ESXi80U3se-24659227 | None | Async Patching Guide: KB88287 |
| VMware Cloud Foundation (ESXi) | 4.5.x | Any | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate | Async patch to ESXi70U3sv-24723868 | None | Async Patching Guide: KB88287 |
| VMware Telco Cloud Platform (ESXi) | 5.x, 4.x, 3.x, 2.x | Any | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate | ESXi80U3se-24659227 | None | None |
| VMware Telco Cloud Infrastructure (ESXi) | 3.x | Any | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate | ESXi80U3se-24659227 | None | None |
| VMware Telco Cloud Infrastructure (ESXi) | 2.x | Any | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate | ESXi70U3sv-24723868 | None | None |
| VMware Telco Cloud Platform (vCenter) | 5.x, 4.x, 3.x, 2.x | Any | CVE-2025-41225, CVE-2025-41228 | 8.8, 4.3 | Important | 8.0 U3e | None | None |
| VMware Telco Cloud Infrastructure (vCenter) | 3.x | Any | CVE-2025-41225 | 8.8 | Important | 8.0 U3e | None | None |
| VMware Telco Cloud Infrastructure (vCenter) | 2.x | Any | CVE-2025-41225 | 8.8 | Important | 7.0 U3v | None | None |
| VMware Workstation | 17.x | Any | CVE-2025-41227 | 5.5 | Moderate | 17.6.3 | None | None |
| VMware Fusion | 13.x | macOS | CVE-2025-41227 | 5.5 | Moderate | 13.6.3 | None | None |
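The following triage script is an added example, not Broadcom/VMware tooling: it takes the two ESXi fixed versions from the Response Matrix above, extracts the build number that is the trailing digits of each patch name, and reports which hosts in an inventory still need the patch. It assumes that within one ESXi version line a build number at or above the fixed build carries the fix; the hostnames and the non-fixed build numbers in the sample inventory are constructed.

```python
"""Triage an ESXi host inventory against the VMSA-2025-0010 Response Matrix.

Added example, not VMware/Broadcom tooling. Assumption: within one ESXi
version line, a build at or above the advisory's fixed build carries the fix.
"""
import re

# Fixed versions exactly as listed in the advisory's Response Matrix; the
# trailing digits of an ESXi patch name are its build number.
ESXI_FIXED = {
    "8.0": ("ESXi80U3se-24659227", ["CVE-2025-41226", "CVE-2025-41227", "CVE-2025-41228"]),
    "7.0": ("ESXi70U3sv-24723868", ["CVE-2025-41226", "CVE-2025-41227", "CVE-2025-41228"]),
}

def fixed_build(patch_name):
    """Extract the build number from a name like 'ESXi80U3se-24659227'."""
    m = re.fullmatch(r"ESXi\d+U\d+\w*-(\d+)", patch_name)
    if not m:
        raise ValueError("unrecognised ESXi patch name: " + patch_name)
    return int(m.group(1))

def host_status(version, build):
    """Return (exposed_cves, fixed_patch) for a host's ESXi version line and build.

    version is the line as reported (e.g. '8.0'); build is the integer build
    number shown by `vmware -vl` on the host. (None, None) means the version
    line is not covered by this advisory's matrix and needs separate review.
    """
    entry = ESXI_FIXED.get(version)
    if entry is None:
        return (None, None)
    patch, cves = entry
    if build >= fixed_build(patch):
        return ([], patch)
    return (list(cves), patch)

def triage(inventory):
    """inventory: list of (hostname, version, build). Returns hosts still exposed."""
    report = {}
    for name, version, build in inventory:
        cves, patch = host_status(version, build)
        if cves:
            report[name] = {"needs": patch, "cves": cves}
    return report

# Constructed sample inventory: hostnames and the non-fixed builds are made up;
# 24659227 and 24723868 are the fixed builds from the advisory.
SAMPLE_INVENTORY = [
    ("esx01.example.test", "8.0", 24659227),  # exactly the fixed build
    ("esx02.example.test", "8.0", 24000001),  # older 8.0 build (constructed)
    ("esx03.example.test", "7.0", 24723868),
    ("esx04.example.test", "7.0", 23000001),  # older 7.0 build (constructed)
    ("esx05.example.test", "6.7", 17000001),  # version line not in the matrix
]

if __name__ == "__main__":
    for host, info in triage(SAMPLE_INVENTORY).items():
        print(host, "->", info["needs"], ",".join(info["cves"]))
```

Hosts whose version line returns (None, None) are not "safe"; they are simply outside this advisory's matrix and must be checked against their own lifecycle status.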
4. References:

Fixed Version(s) and Release Notes:

VMware vCenter Server 8.0 U3e
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5826
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/vcenter-server-update-and-patch-release-notes/vsphere-vcenter-server-80u3e-release-notes.html

VMware vCenter Server 7.0 U3v
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5849
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/vcenter-server-update-and-patch-releases/vsphere-vcenter-server-70u3v-release-notes.html

VMware ESXi 8.0 ESXi80U3se-24659227
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5825
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3e-release-notes.html

VMware ESXi 7.0 ESXi70U3sv-24723868
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5848
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3v-release-notes.html

VMware Workstation 17.6.3
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Workstation%20Pro&displayGroup=VMware%20Workstation%20Pro%2017.0%20for%20Windows&release=17.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Workstation%20Pro&displayGroup=VMware%20Workstation%20Pro%2017.0%20for%20Linux&release=17.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true
https://techdocs.broadcom.com/us/en/vmware-cis/desktop-hypervisors/workstation-pro/17-0/release-notes/vmware-workstation-1763-pro-release-notes.html

VMware Fusion 13.6.3
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Fusion&displayGroup=VMware%20Fusion%2013&release=13.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true
https://techdocs.broadcom.com/us/en/vmware-cis/desktop-hypervisors/fusion-pro/13-0/release-notes/vmware-fusion-1363-release-notes.html

KB Articles:
Cloud Foundation 5.x/4.5.x:
https://knowledge.broadcom.com/external/article?legacyId=88287

Mitre CVE Dictionary Links:
https://www.cve.org/CVERecord?id=CVE-2025-41225
https://www.cve.org/CVERecord?id=CVE-2025-41226
https://www.cve.org/CVERecord?id=CVE-2025-41227
https://www.cve.org/CVERecord?id=CVE-2025-41228

FIRST CVSSv3 Calculator: 
CVE-2025-41225: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2025-41226: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2025-41227: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2025-41228: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

5. Change Log:

2025-05-20 VMSA-2025-0010
Initial security advisory.

6. Contact:

E-mail: [email protected]

PGP key
https://knowledge.broadcom.com/external/article/321551

VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories

VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response

VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle

VMware Security Blog
https://blogs.vmware.com/security

X
https://x.com/VMwareSRC

Copyright 2025 Broadcom. All rights reserved