Vmware Vsphere Foundation vulnerabilities

CVE-2025-41250 [HIGH] CWE-77 CVE-2025-41250: VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administr VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.

CVE-2025-41237 [CRITICAL] CWE-787 CVE-2025-41237: VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communica VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitat