CNNVD-202507-2062 Information
CNNVD ID
CNNVD-202507-2062
Related CVE
- CNNVD Published: 2025-07-15
Description (Chinese)
VMware ESXi等都是美国威睿(VMware)公司的产品。VMware ESXi是一套可直接安装在物理服务器上的服务器虚拟化平台。VMware Workstation是一套虚拟机软件。VMware Fusion是一套专用于在苹果机(Mac)上运行Windows应用程序的的虚拟机软件。 VMware多款产品存在缓冲区错误漏洞,该漏洞源于VMCI存在整数下溢,可能导致越界写入和执行任意代码。以下产品受到影响:VMware ESXi、Workstation和Fusion。
Description (English)
VMware ESXi and others are products of VMware. VMware ESXi is a virtual platform for servers that can be installed directly on physical servers. VMware Workstation is a virtual machine software. VMware Fusion is a virtual machine software designed to run Windows applications on Mac. VMware’s multiple products have a buffer zone error loophole, which stems from the integer run-down of VMCI, which could lead to cross-border writing and enforcement of arbitrary codes. The following products were affected: VMware ESXi, Workstation and Fusion.
Hazard Level
Low
Vulnerability Type
缓冲区错误
Affected Vendor
Void
Published
2025-07-15
Last Modified
2026-02-24
References
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877 https://nvd.nist.gov/vuln/detail/CVE-2025-41237