VMware, PWN2own Berlin in Berlin, the four critical esxi abused with zero -day vulnerabilities patch the vulnerability
At the PWN2own Berlin 2025 event, the company has released updates for four zero -day deficits that have been abused by security researchers and affect VMware ESXI, Workstation, Fusion and Tools products.
VMware has released security updates for four zero -day deficit that affecting virtualization products and abused in the PWN2WN Berlin 2025 competition.
Three of these deficits are defined as high -importance weaknesses that allow the attackers to move from the virtual machine to the main system to run a command.
-
CV-2025-41236: VMXNET3 sanal ağ adaptöründe bulunan tamsayı taşması açığı. Bu zafiyet, STARLabs SG’den Nguyen Hoang Thach tarafından kullanıldı.
-
CV-2025-41237: VMCI (Virtual Machine Communication Interface) bileşeninde tamsayı alt taşması sonucu oluşan out-of-bounds yazma hatası. Açık, REverse Tactics’ten Corentin Bayet tarafından istismar edildi.
-
CV-2025-41238: PVSCSI (Paravirtualized SCSI) kontrolcüsünde bulunan heap overflow zafiyeti. Bu açık, Synacktiv’ten Thomas Bouzerar ve Etienne Helluy-Lafont tarafından kullanıldı.
Each of these three vulnerabilities has 9.3 CVSS points.
Information leakage deficit was also closed
Dördüncü açık olan CV-2025-41239It was defined as a vulnerability that could lead to leakage of information and received 7.1 violence points.
There is no solution other than patch
VMware has announced that it does not offer any temporary solution for these security deficits.
All of the deficits were shown in the PWN2OW Berlin competition held in May 2025.
Kaynak: CUMHA - CUMHUR HABER AJANSI
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
