Security Bulletin
Summary
Vulnerabilities in VMware ESXi affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Cloud Pak System has delivered updated workload nodes to VMware ESXi 83U3g.
Vulnerability Details
CVEID: CVE-2025-41236
DESCRIPTION: VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.
CWE: CWE-787: Out-of-bounds Write
CVSS Source: security@vmware.com
CVSS Base score: 9.3
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2025-41237
DESCRIPTION: VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
CWE: CWE-787: Out-of-bounds Write
CVSS Source: security@vmware.com
CVSS Base score: 9.3
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2025-41238
DESCRIPTION: VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox and exploitable only with configurations that are unsupported. On Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
CWE: CWE-787: Out-of-bounds Write
CVSS Source: security@vmware.com
CVSS Base score: 9.3
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2025-41239
DESCRIPTION: VMware ESXi, Workstation, Fusion, and VMware Tools contain an information disclosure vulnerability due to the use of uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets.
CWE: CWE-908: Use of Uninitialized Resource
CVSS Source: security@vmware.com
CVSS Base score: 7.1
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
CVEID: CVE-2025-41226
DESCRIPTION: VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi, may trigger this issue to create a denial-of-service condition of guest VMs with VMware Tools running and guest operations enabled.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: security@vmware.com
CVSS Base score: 6.8
CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
CVEID: CVE-2025-41227
DESCRIPTION: VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: security@vmware.com
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2025-41228
DESCRIPTION: VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious websites.
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source: security@vmware.com
CVSS Base score: 4.3
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Cloud Pak System | 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2 |
| IBM Cloud Pak System | 2.3.4.0 |
| IBM Cloud Pak System | 2.3.4.1, 2.3.4.1 iFix1 |
| IBM Cloud Pak System | 2.3.6.0 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by upgrading IBM Cloud Pak System workload nodes.
This Security Bulletin applies to IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite.
IBM Cloud Pak System delivered updated workload nodes to VMware ESXi 80u3g along with IBM Cloud Pak System v2.3.6.1.
For IBM Cloud Pak System V2.3.6.1, update both Platform Systems Manager (PSM) and the workload nodes to VMware ESXi 80u3g. In addition, update vCenter to vCenter 80u3g (targeted availability 4Q2025).
For IBM Cloud Pak System V2.3.3.6, V2.3.3.6 iFix1, V2.3.3.6 iFix2, V2.3.4.0, V2.3.4.1, V2.3.4.1 iFix1:
upgrade to IBM Cloud Pak System V2.3.6.0, then apply the ESXi Image fix at Fix Central.
Information on upgrading is available at https://www.ibm.com/support/pages/node/7229883
or
upgrade to IBM Cloud Pak System V2.3.6.1 at IBM Fix Central.
For IBM Cloud Pak System V2.3.6.0:
apply the fix at Fix Central
or
upgrade to IBM Cloud Pak System V2.3.6.1 at IBM Fix Central.
Customers can contact IBM Support or open a case to SWAT.
Information on upgrading is available at http://www.ibm.com/support/docview.wss?uid=ibm10887959
For unsupported versions, the recommendation is to upgrade to a supported version of the product.
Workarounds and Mitigations
None
References
Acknowledgement
Change History
29 Sep 2025: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.
Document Location
Worldwide
Document Information
Modified date: 29 September 2025
UID: ibm17245170