What is it?
Broadcom VMware is widely used virtualization software that allows more than one virtual machine (virtual server) to run on a single physical server. The different virtual machines may run different operating systems.
Several VMware products (ESXi, Workstation, Fusion and Tools) have memory-management vulnerabilities. Specifically: an integer overflow (CVE-2025-41236), an integer underflow (CVE-2025-41237), a heap overflow (CVE-2025-41238) and a vSockets information disclosure (CVE-2025-41239).
Why is it a risk?
An attacker who already has access to a virtual machine may exploit any of these vulnerabilities to execute malicious code on the host/physical server, compromising every virtual machine that runs on it.
The Cyber Security News link below provides more detail regarding each vulnerability.
Broadcom has assigned a severity of CRITICAL to these vulnerabilities.
How can you mitigate the risk?
The Broadcom Support link below shows a response matrix (about 2/3 of the way down the page). Find the row for your specific product and version in the table and update to the release listed in the "Fixed Version" column.
Resources:
Cyber Security News: VMware ESXi and Workstation Vulnerabilities Let Attackers Execute Malicious Code on Host
https://cybersecuritynews.com/vmware-esxi-and-workstation-vulnerabilities/
Broadcom Support Portal: CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877