VMware has released patches for several critical vulnerabilities that were demonstrated during the Pwn2Own Berlin 2025 hacking competition. Security researchers earned over $340,000 for their successful VMware exploits, with STARLabs SG receiving the highest individual payout of $150,000 for a severe flaw in VMware ESXi.
Broadcom confirmed that four vulnerabilities affecting VMware products were presented during the contest:
- CVE-2025-41236 (CVSS 9.3) is an integer overflow in the VMXNET3 network adapter. STARLabs SG exploited this flaw to execute code on the host, starting from administrative privileges inside a guest VM. The team received $150,000 for this demonstration.
- CVE-2025-41237 (CVSS 9.3) involves an integer underflow in the VMCI component. It was exploited by the REverse Tactics team.
- CVE-2025-41238 (CVSS 9.3) is a heap overflow vulnerability in the PVSCSI controller. Synacktiv used this flaw to gain code execution on the host, starting as a local VM administrator in VMware Workstation, and earned $80,000.
- CVE-2025-41239 (CVSS 7.1) is an information disclosure issue discovered by Corentin Bayet of REverse Tactics. It was used in combination with CVE-2025-41237 in a successful exploit chain. A researcher from Theori independently reported the same vulnerability.
REverse Tactics received $112,500 for their ESXi exploit that combined CVE-2025-41237 and CVE-2025-41239.
Broadcom stated that there is currently no evidence of these vulnerabilities being exploited in the wild.