VMware ESXi
73 CVEs affecting VMware ESXi. Latest disclosed: 2025-07-15. Critical: 6, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2012-1516 | Critical | 9.9 | 2012-05-04 | The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of… |
| CVE-2010-0211 | Critical | 9.8 | 2010-07-28 | The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attac… |
| CVE-2025-41238 | Critical | 9.3 | 2025-07-15 | VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out-of-bounds write… |
| CVE-2025-41237 | Critical | 9.3 | 2025-07-15 | VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A mal… |
| CVE-2025-41236 | Critical | 9.3 | 2025-07-15 | VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrat… |
| CVE-2025-22224 | Critical | 9.3 | 2025-03-04 | VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local admi… |
| CVE-2021-21974 | High | 8.8 | 2021-02-24 | OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A… |
| CVE-2017-4941 | High | 8.8 | 2017-12-20 | VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerabilit… |
| CVE-2017-4933 | High | 8.8 | 2017-12-20 | VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an auth… |
| CVE-2017-16544 | High | 8.8 | 2017-11-20 | In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a direct… |
| CVE-2017-4924 | High | 8.8 | 2017-09-15 | VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulner… |
| CVE-2017-4904 | High | 8.8 | 2017-06-07 | The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG… |
| CVE-2017-4903 | High | 8.8 | 2017-06-07 | VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch… |
| CVE-2017-4902 | High | 8.8 | 2017-06-07 | VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro /… |
| CVE-2016-5330 | High | 7.8 | 2016-08-08 | Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1… |
| CVE-2025-41239 | High | 7.1 | 2025-07-15 | VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A… |
| CVE-2025-41226 | Medium | 6.8 | 2025-05-20 | VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM… |
| CVE-2015-6933 | Medium | 6.3 | 2016-01-09 | The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7… |
| CVE-2017-4940 | Medium | 6.1 | 2017-12-20 | The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerabi… |
| CVE-2016-5331 | Medium | 6.1 | 2016-08-08 | CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP resp… |