ESXi
This hub aggregates every CVE we track for ESXi. Use it to gauge the current risk picture and drill into individual advisories.
other
- CVEs tracked: 146
- Critical: 22
- High: 58
- In CISA KEV: 8
Severity distribution
- Medium: 60
- High: 58
- Critical: 22
- Low: 6
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting ESXi.
- CVE-2025-41239: vSockets information-disclosure vulnerability (score 7.1)
- CVE-2025-41238: PVSCSI heap-overflow vulnerability (score 9.3)
- CVE-2025-41237: VMCI integer-underflow vulnerability (score 9.3)
- CVE-2025-41236: VMXNET3 integer-overflow vulnerability (score 9.3)
- CVE-2025-41228: VMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability (score 4.3)
- CVE-2025-41227: Denial-of-Service Vulnerability (score 5.5)
- CVE-2025-41226: Guest Operations Denial-of-Service Vulnerability (score 6.8)
- CVE-2025-22226: VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine ma... (KEV, score 7.1)
- CVE-2025-22225: VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox. (KEV, score 8.2)
- CVE-2025-22224: VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual m... (KEV, score 9.3)
- CVE-2024-37086: VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read ... (score 6.8)
- CVE-2024-37085: VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configure... (KEV, score 6.8)
- CVE-2024-22273: The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may... (score 8.1)
- CVE-2024-22255: Information disclosure vulnerability (score 7.1)
- CVE-2024-22254: Out-of-bounds write vulnerability (score 7.9)
Product normalization is registry-driven with AI assist and human review.