CVE-2025-41227: Uncontrolled Resource Consumption in VMware ESXi

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 74.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 20

Description

VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (6 packages)

CVEListV5 | vmware/esxi | 8.0 | ESXi80U3se-24659227 +1
CVEListV5 | vmware/fusion | 13.x | 13.6.3
CVEListV5 | vmware/workstation | 17.x | 17.6.3
CVEListV5 | vmware/cloud_foundation | 5.x, 4.5.x
CVEListV5 | vmware/telco_cloud_platform | 5.x, 4.x, 3.x, 2.x

Vulnerability Details (2)

GHSA: GHSA-h593-cg7r-4hp4: VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options (2025-05-20)
CVEList: Denial-of-Service Vulnerability (2025-05-20)