CVE-2025-41239Use of Uninitialized Resource in Vmware Esxi

CWE-908Use of Uninitialized Resource3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 81.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Vmware EsxiVmware FusionVmware Tools+4 more
Timeline
PublishedJul 15

Description

VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 2.5 | Impact: 4.0

Affected Packages7 packages

CVEListV5vmware/esxi8.0ESXi80U3f-24784735+2
CVEListV5vmware/tools13.x.x13.0.1.0+1
CVEListV5vmware/fusion13.x13.6.4
CVEListV5vmware/workstation17.x17.6.4
CVEListV5vmware/cloud_foundation5.x, 4.5.x

🔴Vulnerability Details

2
CVEList
vSockets information-disclosure vulnerability2025-07-15
GHSA
GHSA-8p72-rxh7-qv97: VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSo2025-07-15
CVE-2025-41239 — Use of Uninitialized Resource | cvebase