VMware Flaws That Earned Hackers $340,000 at Pwn2Own Patched – Source: www.securityweek.com

Source: www.securityweek.com – Author: Eduard Kovacs

Broadcom informed customers this week that several VMware product vulnerabilities disclosed earlier this year at the Pwn2Own hacking competition have been patched.

Participants earned more than $1 million at the Pwn2Own Berlin 2025 competition organized by Trend Micro’s Zero Day Initiative (ZDI). More than $340,000 was paid out for exploits targeting VMware products.

The STARLabs SG team earned $150,000 for exploiting a single integer overflow bug to hack VMware ESXi. 

According to Broadcom’s advisory, this critical bug impacts the VMXNET3 virtual network adapter and it can allow an attacker with local admin privileges on a VM that uses the adapter to execute arbitrary code on the host. The security hole is tracked as CVE-2025-41236.
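Since CVE-2025-41236 only matters for VMs that actually attach a VMXNET3 adapter, a defender's first step is an inventory of which VMs do. The script below is an added example, not part of the SecurityWeek article or Broadcom's advisory; it parses the standard `ethernetN.virtualDev` / `ethernetN.present` keys of VMware `.vmx` files and reports the adapters that would be in scope, using constructed sample configs in place of files pulled from a datastore.

```python
"""Inventory VMs whose .vmx config attaches a VMXNET3 adapter (added example)."""
import re
from typing import Dict, List

_NIC_KEY = re.compile(r"ethernet(\d+)\.virtualdev")


def parse_vmx(text: str) -> Dict[str, str]:
    """Parse key = "value" lines of a .vmx file into a dict; keys are lower-cased."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        cfg[key.strip().lower()] = value.strip().strip('"')
    return cfg


def vmxnet3_adapters(cfg: Dict[str, str]) -> List[str]:
    """Return adapter names (e.g. 'ethernet0') that are present and of type vmxnet3."""
    found = []
    for key, value in cfg.items():
        m = _NIC_KEY.fullmatch(key)
        if not m or value.lower() != "vmxnet3":
            continue
        # An adapter explicitly marked present = "FALSE" is not attached to the VM.
        if cfg.get(f"ethernet{m.group(1)}.present", "TRUE").lower() == "false":
            continue
        found.append(f"ethernet{m.group(1)}")
    return sorted(found)


def exposed_vms(vmx_by_name: Dict[str, str]) -> Dict[str, List[str]]:
    """Map VM name -> VMXNET3 adapters for every VM that has at least one."""
    result = {}
    for name, text in vmx_by_name.items():
        adapters = vmxnet3_adapters(parse_vmx(text))
        if adapters:
            result[name] = adapters
    return result


# Constructed sample .vmx contents (not a real inventory).
SAMPLE_VMX = {
    "web-01": 'displayName = "web-01"\nethernet0.present = "TRUE"\nethernet0.virtualDev = "vmxnet3"\n',
    "legacy-02": 'displayName = "legacy-02"\nethernet0.present = "TRUE"\nethernet0.virtualDev = "e1000"\n',
    "mixed-03": ('ethernet0.virtualDev = "e1000e"\nethernet1.virtualDev = "vmxnet3"\n'
                 'ethernet2.present = "FALSE"\nethernet2.virtualDev = "vmxnet3"\n'),
}

if __name__ == "__main__":
    for vm, nics in exposed_vms(SAMPLE_VMX).items():
        print(f"{vm}: {', '.join(nics)}")
```

In practice the dict would be filled from the `.vmx` files on each datastore (or from PowerCLI output), and any VM listed is one where a local admin inside the guest sits in the position the advisory describes until the host is patched.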

The REverse Tactics team earned $112,500 for an ESXi exploit involving two bugs. The amount is lower than the one earned by STARLabs SG because one of the flaws was known to Broadcom. 

REverse Tactics has been credited by Broadcom for two CVEs: CVE-2025-41237, a critical out-of-bounds write vulnerability that can be exploited by a privileged attacker on a VM to execute arbitrary code on the host, and CVE-2025-41239, a high-severity issue that allows a privileged attacker to leak memory.

A researcher from Theori, a company that was also represented at Pwn2Own but did not target VMware, has also been credited for independently discovering CVE-2025-41239.

Lastly, the Synacktiv team earned $80,000 at Pwn2Own for a VMware Workstation exploit. Broadcom’s advisory credits Synacktiv for CVE-2025-41238, a critical out-of-bounds write issue that can allow an attacker with local admin privileges on a VM to execute arbitrary code on the host. 

The vendor has released patches for these vulnerabilities for VMware ESXi, Workstation, Fusion, Cloud Foundation, vSphere Foundation, Telco Cloud Platform, and Tools.

In a separate FAQ document, Broadcom said it has no evidence that these vulnerabilities have been exploited in the wild. 

Industrial giant Rockwell Automation on Wednesday also published an advisory to inform customers about these VMware vulnerabilities. Several Rockwell products that may use VMware components are impacted, including Industrial Data Center (IDC), VersaVirtual Appliance (VVA), Threat Detection Managed Services (TDMS), Endpoint Protection Service, and Engineered and Integrated Solutions.

Related: NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch

Related: Vulnerabilities Patched by Juniper, VMware and Zoom

Related: Vulnerabilities Patched by Ivanti, VMware, Zoom

Original Post URL: https://www.securityweek.com/vmware-flaws-that-earned-hackers-340000-at-pwn2own-patched/

Category & Tags: Vulnerabilities, Patch, Pwn2Own, VMware, vulnerability
