CVE-2025-41226: Guest Operations Denial-of-Service Vulnerability
Description
VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to create a denial-of-service condition of guest VMs with VMware Tools running and guest operations enabled.
Classification
CVE ID: CVE-2025-41226
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.8
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Problem Types
CWE-400 Uncontrolled Resource ConsumptionAffected Products
Vendor: n/a
Product: VMware ESXi, VMware Cloud Foundation, VMware Telco Cloud Platform, VMware Telco Cloud Infrastructure
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 5.79% (scored less or equal to compared to others)
EPSS Date: 2025-06-18 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-41226https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717