1.0 Introduction
Recently, Broadcom issued a critical security update for VMware products to address multiple high-impact vulnerabilities affecting VMware ESXi, Workstation, Fusion, Tools and multiple cloud platforms (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239).
2.0 Impact
The exploitation of these vulnerabilities could allow a malicious actor with administrative access on a virtual machine to execute arbitrary code on the host system or leak sensitive memory data, potentially leading to full compromise of the host environment or unauthorized information disclosure.
3.0 Affected Products
- VMware Cloud Foundation
- VMware vSphere Foundation
- VMware ESXi
- VMware Workstation Pro
- VMware Fusion
- VMware Tools
- VMware Telco Cloud Platform
- VMware Telco Cloud Infrastructure
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the
VMware Advisories
and apply the necessary updates.
Kindly refer to the following URL:
Generally, we advise users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web:
https://www.cybersecurity.my
5.0 References