ZDI-26-188: (Pwn2Own) VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability

Veroeffentlicht: 2026-03-16 05:00 UTC Importiert: 2026-05-14 21:42 UTC CVSS: 9.3 Quelle-ID: zdi_pub uid_hash: d2ca29a5fdc0328f3c1ff8d93bd00a8c04b64b1e7fa235d81879dc87f4bfe01f
Zero Day Initiative (Published)

### Inhalt

This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2025-41237.

### Verknuepfte CVEs

CVE-ID Severity (CVE.org) CVSS (CVE.org) EPSS EPSS-% Veroeffentlicht (CVE.org)

CVE-2025-41237

 CRITICAL 9.3 - - 2025-07-15

### Quellen-Details

ID Name Kategorie Tags Zielgruppe Sprache Feed-URL
zdi_pub

Zero Day Initiative (Published)

 threat_intel - de https://www.zerodayinitiative.com/rss/published/
Zurueck zur Eintrags-Liste