Vmware esxi

This hub aggregates every CVE we track for Vmware esxi, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Vmware esxi.

• CVE-2025-41239vSockets information-disclosure vulnerability7.1Jul 15, 2025
• CVE-2025-41238PVSCSI heap-overflow vulnerability9.3Jul 15, 2025
• CVE-2025-41237VMCI integer-underflow vulnerability9.3Jul 15, 2025
• CVE-2025-41236VMXNET3 integer-overflow vulnerability9.3Jul 15, 2025
• CVE-2025-41228VMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability4.3May 20, 2025
• CVE-2025-41227Denial-of-Service Vulnerability5.5May 20, 2025
• CVE-2025-41226Guest Operations Denial-of-Service Vulnerability6.8May 20, 2025
• CVE-2025-22226VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine ma...KEV7.1Mar 4, 2025
• CVE-2025-22225VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.KEV8.2Mar 4, 2025
• CVE-2025-22224VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual m...KEV9.3Mar 4, 2025
• CVE-2022-28693Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.4.7Feb 14, 2025
• CVE-2024-37086VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read ...6.8Jun 25, 2024
• CVE-2024-37085VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configure...KEV6.8Jun 25, 2024
• CVE-2024-22273The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may...8.1May 21, 2024
• CVE-2024-22255Information disclosure vulnerability7.1Mar 5, 2024