Table of Contents
- Are Dangerous Bugs in VMware Leaving Your Data Exposed? Here’s How to Secure Your System Now!
- Why You Should Care
- What Are the Problems?
- CVE-2025-41236: VMXNET3 Integer Overflow
- CVE-2025-41237: VMCI Integer Underflow
- CVE-2025-41238: PVSCSI Heap Overflow
- CVE-2025-41239: vSockets Information Disclosure
- Which Products Need Updates?
- Steps to Stay Safe
- Where to Get the Updates
- VMware Tools Download
- VMware Workstation Pro and Fusion
- Release Notes and Details
- If You Can’t Download Directly
- Important Reminders
Are Dangerous Bugs in VMware Leaving Your Data Exposed? Here’s How to Secure Your System Now!
A new security bulletin was published on July 15, 2025, for VMware ESXi, Workstation, Fusion, and VMware Tools. Some problems in these products could let someone break into computers that run virtual machines. Updating is needed to keep everything safe.
Why You Should Care
Three of the four bugs let someone with admin access inside a virtual machine run code on the host computer. This might mean they can take over the whole machine.
If many people use the same computer or if it runs in a business, the risk is even bigger.
No workaround is available—only patching fixes the risk.
What Are the Problems?
CVE-2025-41236: VMXNET3 Integer Overflow
Severity: Critical, score 9.3
What it does: Lets someone run their code on the host if they have admin rights inside a VM using the VMXNET3 virtual network card.
Who is affected: ESXi, Workstation, and Fusion that use VMXNET3.
CVE-2025-41237: VMCI Integer Underflow
Severity: Critical, score 9.3
What it does: Lets attackers run code as the VMX process on the host. On ESXi, it’s limited; on Workstation and Fusion, it could mean full host control.
Who is affected: ESXi, Workstation, Fusion.
CVE-2025-41238: PVSCSI Heap Overflow
Severity: Critical, score 9.3
What it does: Bad actors with admin rights inside a VM might run code on the host. On ESXi, only possible in unsupported setups.
Who is affected: ESXi (limited), Workstation, Fusion.
CVE-2025-41239: vSockets Information Disclosure
Severity: Important, score 7.1
What it does: May let attackers read memory from other processes. This can leak important information like cryptographic keys.
Who is affected: ESXi, Workstation, Fusion, VMware Tools.
Which Products Need Updates?
- VMware ESXi (many versions)
- Workstation Pro (17.x)
- Fusion (13.x)
- VMware Tools (11.x.x to 13.x.x)
- Cloud Foundation and other systems using these tools.
Steps to Stay Safe
- Update Fast: Download and install the fixes as soon as possible.
- What to Update:
  - ESXi: Move to patched versions for 7.x or 8.0 U3b and above.
  - Workstation Pro: Use version 17.6.4.
  - Fusion: Use version 13.6.4.
  - VMware Tools: Update to 13.0.1.0 or 12.5.3, depending on what your system supports.
- Check for Updates: Sometimes, automatic update checks do not work. Instead, download directly from trusted sources.
- Use Both Hypervisor and Tools Updates: Updating only one part leaves risks open. Both must be patched for full protection.
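To see which machines still need the updates listed above, the fixed versions can be compared against an inventory. The script below is an added example, not part of the original bulletin or any VMware tooling; the inventory format, hostnames and sample versions are constructed. Mapping VMware Tools 11.x and 12.x to the 12.5.3 fix is an assumption drawn from the "depending on what your system supports" wording.

```python
# Added example. Fixed versions are the ones this article lists.
FIXED = {
    "workstation": {17: (17, 6, 4)},
    "fusion": {13: (13, 6, 4)},
    # Assumption: Tools 13.x is fixed in 13.0.1.0; 11.x and 12.x move to 12.5.3.
    "tools": {13: (13, 0, 1, 0), 12: (12, 5, 3), 11: (12, 5, 3)},
}

def parse_version(text):
    """'17.6.3-24583834' -> (17, 6, 3); a '-build' suffix is ignored."""
    return tuple(int(p) for p in text.strip().split("-")[0].split("."))

def pad(v, n):
    """Right-pad with zeros so 13.0.1 compares equal to 13.0.1.0."""
    return v + (0,) * (n - len(v))

def assess(product, version):
    """Return OK, PATCH, MANUAL or UNKNOWN for one installed product."""
    product = product.strip().lower()
    if product == "esxi":
        return "MANUAL"  # the article names no exact ESXi build to compare
    try:
        v = parse_version(version)
        fixed = FIXED[product][v[0]]
    except (KeyError, ValueError):
        return "UNKNOWN"  # product, branch or version format not covered here
    n = max(len(v), len(fixed))
    return "OK" if pad(v, n) >= pad(fixed, n) else "PATCH"

def audit(csv_text):
    """Parse 'host,product,version' lines into (host, product, version, status)."""
    rows = []
    for line in csv_text.strip().splitlines():
        host, product, version = (f.strip() for f in line.split(","))
        rows.append((host, product, version, assess(product, version)))
    return rows

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = """
dev-laptop-01,Workstation,17.6.3
mac-build-02,Fusion,13.6.4
win-guest-07,Tools,12.5.2
lin-guest-09,Tools,13.0.1
esx-prod-01,ESXi,8.0 U3
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("{:<14} {:<12} {:<10} {}".format(*row))
```

ESXi hosts are reported as MANUAL because the article gives no exact ESXi build number; check those against the vendor advisory.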
Where to Get the Updates
VMware Tools Download
Use packages.vmware.com/tools/releases/latest/ to get the newest version.
VMware Workstation Pro and Fusion
Multiple sources confirm that Workstation Pro and Fusion have been free for personal and business use since November 2024. Patches can be found on official tech documentation and curated download portals.
Those without Broadcom accounts may find direct download links shared on reputable tech blogs or forums. Some users report issues with official servers, so trusted mirrors highlighted on tech sites or from community recommendations may help.
Release Notes and Details
Read the full update notes to understand all fixes and known issues for Windows and macOS releases.
If You Can’t Download Directly
Some official sites now require a Broadcom account to access downloads. If downloads are locked, seek help from verified community channels, trusted colleagues, or through links shared by highly-regarded tech forums.
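Tech communities have compiled workaround download links that sometimes bypass the need for portal access, especially for VMware Tools and older hypervisor versions. For any file obtained this way, check its hash or digital signature against what the vendor publishes before installing it.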
Important Reminders
- Critical security bugs in virtualization software can let attackers move from a virtual machine to the host. Patching closes these serious gaps.
- Delaying updates or missing even one patch could put devices and data in harm’s way.
- Always download updates from trusted sources or official documentation links.
Patch now to protect your virtual computers and important data. If you hit trouble getting updates, join technology forums, ask trusted friends in IT, or look for direct community-provided links. Quick action keeps your systems safe and your work trouble-free.