Critical VMware Vulnerabilities Patched by Broadcom After Pwn2Own Berlin 2025
TL;DR
Broadcom has patched four critical vulnerabilities in VMware products that were exploited during the Pwn2Own Berlin 2025 hacking contest. White hat hackers earned a total of $340,000 for demonstrating these exploits. The patches address severe flaws, including integer overflow, integer underflow, heap overflow, and information disclosure issues.
Broadcom has recently addressed four critical vulnerabilities in VMware products that were demonstrated during the Pwn2Own Berlin 2025 hacking contest. White hat hackers earned over $340,000 for successfully exploiting these vulnerabilities, with $150,000 awarded to STARLabs SG for leveraging an integer overflow flaw to compromise VMware ESXi.
Vulnerability Descriptions
- CVE-2025-41236 (CVSS score of 9.3): An integer overflow in the VMXNET3 adapter exploited by STARLabs SG. This flaw allows attackers with administrative access on a virtual machine to execute code on the host. STARLabs SG earned $150,000 for demonstrating this exploit at Pwn2Own [1].
- CVE-2025-41237 (CVSS score of 9.3): An integer underflow in VMCI exploited by REverse Tactics [2].
- CVE-2025-41238 (CVSS score of 9.3): A heap overflow in the PVSCSI controller leveraged by Synacktiv. Synacktiv earned $80,000 at Pwn2Own for exploiting this critical VMware Workstation flaw, which allows a local VM administrator to execute code on the host [2].
- CVE-2025-41239 (CVSS score of 7.1): An information disclosure flaw discovered by Corentin BAYET of REverse Tactics. This vulnerability was chained with CVE-2025-41237 at Pwn2Own. A researcher from Theori also independently discovered CVE-2025-41239 [2].
The REverse Tactics team earned $112,500 for an ESXi exploit using the bugs CVE-2025-41237 and CVE-2025-41239 [2].
Broadcom’s Statement
Broadcom has stated that there is no evidence of these vulnerabilities being exploited in the wild. “Broadcom has no information to suggest that exploitation of these issues has occurred in the wild,” the company stated [3].
Conclusion
The patching of these critical VMware vulnerabilities underscores the importance of ongoing security research and the role of events like Pwn2Own in identifying and mitigating potential threats. As cybersecurity continues to evolve, staying vigilant and proactive in addressing vulnerabilities remains crucial for maintaining robust digital defenses.
References
[1] (2025). “Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025”. Broadcom. Retrieved 2025-07-18.
[2] Paganini, Pierluigi (2025). “Pwn2Own Berlin 2025 total prize money reached $1,078,750”. Security Affairs. Retrieved 2025-07-18.
[3] (2025). “Broadcom Security Advisory”. Broadcom. Retrieved 2025-07-18.