VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue to execute code on the host. Non VMXNET3 virtual adapters are not affected by this issue.
VMware vSphere/ESXi 8.0
APT
CVE-2025-41236
NVD
Refer to CVE-2025-41236 NVD advisory