July 18, 2025 By Pierluigi Paganini

VMware patched flaws disclosed during the Pwn2Own Berlin 2025 hacking contest, where researchers earned $340,000 for exploiting them.
Broadcom patched four vulnerabilities in VMware products that were demonstrated at Pwn2Own Berlin 2025. White hat hackers earned over $340,000 for VMware exploits, including $150,000 awarded to STARLabs SG for using an integer overflow flaw to compromise VMware ESXi.
Below are the descriptions of the vulnerabilities:
- CVE-2025-41236 (CVSS score of 9.3) is an integer overflow in the VMXNET3 adapter, exploited by STARLabs SG. The flaw could let attackers with admin access on a VM run code on the host. STARLabs SG demonstrated this flaw at Pwn2Own and earned $150,000.
- CVE-2025-41237 (CVSS score of 9.3) is an integer underflow in VMCI exploited by REverse Tactics.
- CVE-2025-41238 (CVSS score of 9.3) is a heap overflow in the PVSCSI controller leveraged by Synacktiv. Synacktiv earned $80,000 at Pwn2Own for exploiting CVE-2025-41238, a critical VMware Workstation flaw that lets a local VM admin execute code on the host.
- CVE-2025-41239 (CVSS score of 7.1) is an information disclosure flaw discovered by Corentin BAYET of REverse Tactics and was chained with CVE-2025-41237 at Pwn2Own. A researcher from Theori also independently discovered CVE-2025-41239.