Broadcom (VMware) has published an update on multiple security vulnerabilities affecting its products VMware ESXi and VMware Tools.
These are listed as CVE-2025-41236, CVE-2025-41237, CVE-2025-41238 and CVE-2025-41239, with a severity classification of critical. Read more from Broadcom below.
Support Content Notification - Support Portal - Broadcom support portal
| VMware Product | Component | Version | Running on | CVE | CVSSv3 | Severity | Fixed version | Workarounds | Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| VMware Cloud Foundation, VMware vSphere Foundation | ESX | 9.0.0.0 | Any | CVE-2025-41236, CVE-2025-41238, CVE-2025-41239 | N/A | N/A | Unaffected | N/A | N/A |
| VMware Cloud Foundation, VMware vSphere Foundation | ESX | 9.0.0.0 | Any | CVE-2025-41237 | 8.4 | Important | ESXi-8.0.0.0[00-24813473 | None | Additional guidance for updating VMware Tools asynchronously is available in the FAQ |
| VMware Cloud Foundation, VMware vSphere Foundation | VMware Tools [1] | 1 3 0 0 | Windows | CVE-2025-41239 | 6.2 | Moderate | 13.0.1.0 | None | FAQ |
| VMware ESXi | N/A | 8.0 | Any | CVE-2025-41237, CVE-2025-41236, CVE-2025-41238, CVE-2025-41239 | 9.3, 8.4, 7.4, 7.1 | Critical | ESXi000U3d-24784796 | None | Additional guidance for updating VMware Tools asynchronously is available in the FAQ |
| VMware ESXi | N/A | 8.0 | Any | CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239 | 9.3, 8.4, 7.4, 7.1 | Critical | ESXi000U2e-24789317 | None | Additional guidance for updating VMware Tools asynchronously is available in the FAQ |
| VMware ESXi | N/A | 7.0 | Any | CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239 | 9.3, 8.4, 7.4, 7.1 | Critical | ESXi700U3w-24784741 | None | Additional guidance for updating VMware Tools asynchronously is available in the FAQ |
| VMware Tools [1] | N/A | 13.x.x. | Windows | CVE-2025-41239 | 6.2 | Moderate | 13.0.1.0 | None | FAQ |
| VMware Tools [1] | N/A | 12.x.x, 11.x.x | Windows | CVE-2025-41239 | 6.2 | Moderate | 12.5.3 [2] | None | FAQ |
| VMware Tools | N/A | 13.x.x, 12.x.x, 11.x.x | Linux | CVE-2025-41239 | N/A | N/A | Unaffected | N/A | N/A |
| VMware Tools | N/A | 13.x.x, 12.x.x, 11.x.x | macOS | CVE-2025-41239 | N/A | N/A | Unaffected | N/A | N/A |
Please note: If you are using third-party applications like Zerto Replication, you will need to wait until these updates are supported before patching.
Huon IT strongly recommends that you take action and update where appropriate.