VMware Products VMXNET3 Integer-Overflow Vulnerability Allowing Host Code Execution

Vulnerability

A critical integer-overflow vulnerability has been identified in the VMXNET3 virtual network adapter used by VMware ESXi, Workstation, and Fusion. This vulnerability allows a malicious actor with local administrative privileges on a virtual machine to execute code on the host. The issue does not affect virtual adapters other than VMXNET3.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the host machine.

Remediation

Users can apply the patches available in the 'Fixed Version' column of the 'Response Matrix' found in the VMware Security Advisory VMSA-2025-0013. Additional guidance for updating VMware Tools asynchronously is also available in the FAQ section of the advisory.

Added: Jul 15, 2025, 7:25 PM
Updated: Jul 15, 2025, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 7.5
exploitability: 3.5
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.