ZDI 2026-03-16

ZDI-26-188: (Pwn2Own) VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability

CVE-2025-41237

Machine-generated analysis · WAYSCloud LLM

The vulnerability is a local privilege escalation in VMware ESXi's VMCI component, requiring high-privileged code execution in a guest VM as a prerequisite.

Context

The affected product is VMware ESXi, specifically involving the Virtual Machine Communication Interface (VMCI) component. The vulnerability is an integer underflow that enables local privilege escalation. An attacker must already have high-privileged code execution within the guest system to exploit this flaw. The advisory notes the CVSS score is 8.2, indicating a relatively high impact within the defined exploit conditions.

Operator considerations

Check: VMware ESXi systems using VMCI for inter-VM communication.\nPatch: Apply updates if VMware releases a fix for CVE-2025-41237.

From Zero Day Initiative ↗

This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2025-41237.

Read the full advisory on ZDI →