VMware patched flaws disclosed during the Pwn2Own Berlin 2025 hacking contest, where researchers earned $340,000 for exploiting them.
Broadcom patched four vulnerabilities in VMware products that were demonstrated at Pwn2Own Berlin 2025. White hat hackers earned over $340,000 for VMware exploits, including $150,000 awarded to STARLabs SG for using an integer overflow flaw to compromise VMware ESXi.
Below are the descriptions of the vulnerabilities:
- CVE-2025-41236 (CVSS score of 9.3) is an integer overflow in the VMXNET3 adapter, exploited by STARLabs SG. The flaw could let attackers with admin access on a VM run code on the host. STARLabs SG demonstrated this flaw at Pwn2Own and earned $150,000.
- CVE-2025-41237 (CVSS score of 9.3) is an integer underflow in VMCI exploited by REverse Tactics.
- CVE-2025-41238 (CVSS score of 9.3) is a heap overflow in the PVSCSI controller leveraged by Synacktiv. Synacktiv earned $80,000 at Pwn2Own for exploiting CVE-2025-41238, a critical VMware Workstation flaw that lets a local VM admin execute code on the host.
- CVE-2025-41239 (CVSS score of 7.1) is an information disclosure flaw that was discovered by Corentin BAYET of REverse Tactics and chained with CVE-2025-41237 at Pwn2Own. A researcher from Theori also independently discovered CVE-2025-41239.
The REverse Tactics team earned $112,500 for an ESXi exploit using the bugs CVE-2025-41237 and CVE-2025-41239.
Broadcom is not aware of attacks in the wild exploiting these vulnerabilities.
“Broadcom has no information to suggest that exploitation of these issues has occurred in the wild,” states the company.
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)