CVE-2025-41226: Uncontrolled Resource Consumption in VMware ESXi

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.1% (top 67.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 20

Description

VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi, may trigger this issue to create a denial-of-service condition of guest VMs with VMware Tools running and guest operations enabled.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.3 | Impact: 4.0

Affected Packages (4 packages)

CVEListV5 | vmware/esxi | 8.0 | ESXi80U3se-24659227 | +1
CVEListV5 | vmware/cloud_foundation | 5.x, 4.5.x
CVEListV5 | vmware/telco_cloud_platform | 5.x, 4.x, 3.x, 2.x

Vulnerability Details (2)

CVEList: Guest Operations Denial-of-Service Vulnerability (2025-05-20)
GHSA: GHSA-jfjv-vw9w-9w8v: VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation (2025-05-20)