Several critical VMware product vulnerabilities disclosed at Pwn2Own Berlin 2025 have been patched by Broadcom, with significant bug bounties awarded. These vulnerabilities, including CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, and CVE-2025-41239, could allow attackers with local privileges to execute arbitrary code or leak memory. #VMwareESXi #VMwareWorkstation #CVE202541236 #Pwn2Own
Key points
- Broadcom released patches for multiple VMware product vulnerabilities discovered at Pwn2Own Berlin 2025.
- Participants earned over $1 million in total rewards, with $340,000 specifically for VMware exploits.
- Critical bugs include CVE-2025-41236, related to VMXNET3, which allows remote code execution on hosts.
- The vulnerabilities impact VMware ESXi, Workstation, Fusion, and cloud platforms, among others.
- There is no evidence that these security flaws have been exploited in real-world attacks yet.
Read More: https://www.securityweek.com/vmware-flaws-that-earned-hackers-340000-at-pwn2own-patched/