PatchSiren cyber security CVE debrief
CVE-2025-41236 Rockwell Automation CVE debrief
CVE-2025-41236 is a critical integer-overflow vulnerability in VMware’s VMXNET3 virtual network adapter. CISA’s Rockwell Automation advisory maps the issue to multiple Rockwell Automation VMware-based product families and directs customers to Broadcom’s remediation guidance. The stated impact is code execution on the host.
- Vendor: Rockwell Automation
- Product: Industrial Data Center (IDC) with VMware
- CVSS: CRITICAL 9.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-07-31
- Original CVE updated: 2025-07-31
- Advisory published: 2025-07-31
- Advisory updated: 2025-07-31
Who should care
Administrators and operators of Rockwell Automation VMware-based offerings listed in the advisory—Industrial Data Center (IDC) with VMware, VersaVirtual Appliance (VVA) with VMware, Threat Detection Managed Services (TDMS) with VMware, Endpoint Protection Service with Rockwell Automation Proxy & VMware only, and Engineered and Integrated Solutions with VMware—as well as teams managing VMware ESXi, Workstation, or Fusion hosts referenced by the CVE description.
Technical summary
The advisory describes an integer overflow in VMXNET3, a VMware virtual network adapter used in ESXi, Workstation, and Fusion. CISA assigns CVE-2025-41236 a CVSS v3.1 score of 9.3 (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H): the attack vector is local, attack complexity is low, no privileges or user interaction are required, scope is changed, and the confidentiality, integrity, and availability impacts are all high. The CSAF ties the issue to five Rockwell Automation VMware-based product families and points users without Rockwell managed-services contracts to Broadcom’s fixed ESXi release notes, including 8.0 U3f, 8.0 U2e, and 7.0 U3w.
Defensive priority
Immediate
Recommended defensive actions
- Inventory whether any of the Rockwell Automation VMware-based product families named in the advisory are deployed in your environment.
- If you have an active Rockwell Automation Infrastructure Managed Service or Threat Detection Managed Service contract, coordinate remediation with Rockwell Automation.
- If you do not have a Rockwell managed-services contract, follow the Broadcom advisories referenced in the CSAF and move to the corrected VMware releases cited there.
- Review VMware host patch status for the ESXi 8.0 U3f, 8.0 U2e, and 7.0 U3w release lines referenced by the advisory, as applicable to your environment.
- If immediate upgrading is not possible, apply the defensive best practices referenced by Rockwell Automation and CISA for industrial/managed environments.
- Track the CISA advisory ICSA-25-212-02 and the official CVE/NVD records for any updates or clarifications.
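The patch-status review in the list above can be scripted against a host inventory. The sketch below is an added example, not code from CISA, Rockwell Automation, or Broadcom. It compares ESXi release labels with the three fixed releases named on this page. The host names and the sample inventory are constructed, and it assumes that patch letters within one update line increase with each later release.

```python
import re

# Fixed ESXi releases named in the summary above, keyed by (version, update line);
# the value is the patch letter of the corrected release (8.0 U3f, 8.0 U2e, 7.0 U3w).
FIXED = {("8.0", 3): "f", ("8.0", 2): "e", ("7.0", 3): "w"}

# Accepts "8.0 U3f", "ESXi 7.0 Update 3w", "8.0" (no update level).
LABEL_RE = re.compile(
    r"^\s*(?:ESXi\s+)?(\d+\.\d+)\s*(?:U(?:pdate\s*)?(\d+)([a-z]?))?\s*$", re.I)

def parse_label(label):
    """Split a release label into (version, update number, patch letter)."""
    m = LABEL_RE.match(label)
    if not m:
        raise ValueError(f"unrecognised release label: {label!r}")
    version, update, patch = m.groups()
    return version, int(update) if update else 0, (patch or "").lower()

def assess(label):
    """Return 'fixed', 'needs-update', or 'not-listed' for one release label."""
    version, update, patch = parse_label(label)
    fixed_patch = FIXED.get((version, update))
    if fixed_patch is None:
        # No corrected release for this line is named on this page;
        # check the Broadcom advisory referenced in the CSAF.
        return "not-listed"
    # Assumption: within one update line, later patches get later letters.
    return "fixed" if patch >= fixed_patch else "needs-update"

def triage(inventory):
    """Map each host to its status; unparsable labels become 'unknown'."""
    result = {}
    for host, label in inventory.items():
        try:
            result[host] = assess(label)
        except ValueError:
            result[host] = "unknown"
    return result

# Constructed sample inventory (hypothetical host names and labels).
SAMPLE = {"idc-esx01": "8.0 U3f", "idc-esx02": "ESXi 8.0 Update 2d",
          "vva-esx01": "7.0 U3w", "tdms-esx01": "8.0 U1", "lab-esx09": "build-unknown"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:22} {status}")
```

Hosts reported as `not-listed` or `unknown` need a manual check against the Broadcom advisory, since this page names fixed releases for only three update lines.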
Evidence notes
All statements are grounded in the supplied CISA CSAF source item published 2025-07-31 and the official CVE/NVD links. The source description states the VMXNET3 integer-overflow condition and host code-execution impact; the remediation section maps five Rockwell Automation VMware-based product families and references Broadcom fix pages. No exploit steps or unsupported version claims are included.
Official resources
- CVE-2025-41236 CVE record (CVE.org)
- CVE-2025-41236 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed by CISA on 2025-07-31 as ICSA-25-212-02, with the CSAF and CVE record sharing the same publication date. Rockwell Automation’s source guidance directs impacted customers to Rockwell-managed remediation coordination or to