PatchSiren cyber security CVE debrief
CVE-2025-41239 VMware CVE debrief
CVE-2025-41239 is a high-severity information disclosure vulnerability in VMware vSockets caused by uninitialized memory in VMware ESXi, Workstation, Fusion, and VMware Tools. In the Rockwell Automation advisory, several VMware-dependent offerings are affected, including Industrial Data Center (IDC) with VMware, VersaVirtual Appliance (VVA) with VMware, Threat Detection Managed Services (TDMS) with VMware, Endpoint Protection Service with Rockwell Automation Proxy & VMware only, and Engineered and Integrated Solutions with VMware. The issue can leak memory from processes communicating with vSockets, so defenders should prioritize VMware patching and follow the vendor remediation paths cited in the advisory.
- Vendor: VMware
- Product: Industrial Data Center (IDC) with VMware
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-07-31
- Original CVE updated: 2025-07-31
- Advisory published: 2025-07-31
- Advisory updated: 2025-07-31
Who should care
OT and industrial IT teams running Rockwell Automation VMware-based offerings, virtualization administrators responsible for ESXi/Workstation/Fusion/VMware Tools, managed service operators, and security teams protecting sensitive engineering or operational environments.
Technical summary
The underlying flaw is an information disclosure condition in VMware vSockets resulting from use of uninitialized memory. The supplied CVSS 3.1 vector is AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N, which indicates a local attack vector and a high confidentiality impact, with no integrity or availability impact. Rockwell’s CSAF advisory maps the issue to five VMware-dependent product families and points users to Broadcom/VMware remediation advisories and Rockwell support guidance.
Defensive priority
High. Patch or otherwise remediate affected VMware components promptly, especially where VMware-based Rockwell offerings process sensitive data. Even without integrity or availability impact, memory disclosure can expose credentials, configuration details, or other confidential process data.
Recommended defensive actions
- Inventory Rockwell Automation offerings and underlying VMware components to confirm whether any of the five affected product families are in use.
- Follow the Broadcom/VMware remediation guidance referenced by Rockwell for ESXi, Workstation, Fusion, and VMware Tools.
- If you have an active Rockwell Automation Infrastructure Managed Service or Threat Detection Managed Service contract, coordinate remediation through Rockwell’s contact process.
- If immediate upgrading is not possible, apply Rockwell’s stated security best practices and compensating controls as a temporary measure.
- Prioritize systems that process sensitive operational or engineering data, since the issue can leak memory from processes communicating with vSockets.
Evidence notes
The source corpus is a CISA CSAF advisory (ICSA-25-212-02) published and last modified on 2025-07-31. It states that an information disclosure vulnerability exists in VMware vSockets because of uninitialized memory in ESXi, Workstation, Fusion, and VMware Tools, and that exploitation can leak memory from processes communicating with vSockets. The advisory lists five affected Rockwell Automation product families and references Broadcom/VMware remediation pages plus Rockwell support guidance. The supplied enrichment marks this CVE as not KEV-listed.
Official resources
- CVE-2025-41239 CVE record (CVE.org)
- CVE-2025-41239 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published ICSA-25-212-02 and the corresponding CVE record on 2025-07-31. Rockwell Automation’s advisory directs managed-service customers to Rockwell contacts and other customers to Broadcom/VMware remediation guidance.