VMware has released updates to patch multiple security vulnerabilities in its products VMware ESXi, vCenter Server, Workstation, and Fusion. These are tracked as CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, and CVE-2025-41228, with a severity classification of high.

VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version |
---|---|---|---|---|---|---|
vCenter Server | 8.0 | Any | CVE-2025-41225, CVE-2025-41228 | 8.8, 4.3 | Important | 8.0 U3e |
vCenter Server | 7.0 | Any | CVE-2025-41225 | 8.8 | Important | 7.0 U3v |
VMware ESXi | 8.0 | Any | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate | ESXi80U3se-24659227 |
VMware ESXi | 7.0 | Any | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate | ESXi70U3sv-24723868 |
VMware Cloud Foundation (vCenter) | 5.x | Any | CVE-2025-41225, CVE-2025-41228 | 8.8, 4.3 | Important | Async patch to 8.0 U3e |
VMware Cloud Foundation (vCenter) | 4.5.x | Any | CVE-2025-41225 | 8.8 | Important | Async patch to 7.0 U3v |
VMware Cloud Foundation (ESXi) | 5.x | Any | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate | Async patch to ESXi80U3se-24659227 |
VMware Cloud Foundation (ESXi) | 4.5.x | Any | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate | Async patch to ESXi70U3sv-24723868 |
VMware Telco Cloud Platform (ESXi) | 5.x, 4.x, 3.x, 2.x | Any | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate | ESXi80U3se-24659227 |
VMware Telco Cloud Infrastructure (ESXi) | 3.x | Any | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate | ESXi80U3se-24659227 |
VMware Telco Cloud Infrastructure (ESXi) | 2.x | Any | CVE-2025-41226, CVE-2025-41227, CVE-2025-41228 | 6.8, 5.5, 4.3 | Moderate | ESXi70U3sv-24723868 |
VMware Telco Cloud Platform (vCenter) | 5.x, 4.x, 3.x, 2.x | Any | CVE-2025-41225, CVE-2025-41228 | 8.8, 4.3 | Important | 8.0 U3e |
VMware Telco Cloud Infrastructure (vCenter) | 3.x | Any | CVE-2025-41225 | 8.8 | Important | 8.0 U3e |
VMware Telco Cloud Infrastructure (vCenter) | 2.x | Any | CVE-2025-41225 | 8.8 | Important | 7.0 U3v |
VMware Workstation | 17.x | Any | CVE-2025-41227 | 5.5 | Moderate | 17.6.3 |
VMware Fusion | 13.x | macOS | CVE-2025-41227 | 5.5 | Moderate | 13.6.3 |

Please note: If you are using third-party applications such as Zerto Replication, you will need to wait until these updates are supported before patching. Huon IT strongly recommends that you action and update where appropriate.