CVE-2025-41236

✓ Confirmed 0-Day

Triaged: March 5, 2026 3 articles

VulnLookup ↗ NVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-24

0.13%

probability

This CVE has a 0.13% probability of being exploited in the next 30 days.

0% Top 31.6th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime CWE-787 · Out-of-bounds Write

⚡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More

TheHackerNews

VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin

BleepingComputer Jul 17, 2025

Security Advisory 2025-026

CERT-EU Jul 18, 2025

Signal Intelligence

Confidenceⓘ

92%

EPSS 0.13%

Mentions 3

Last Seen Jul 18, 2025

CNA Information

Analyst Note

CVE-2025-41236 is explicitly named in BleepingComputer's article as one of four ESXi zero-day bugs exploited at Pwn2Own Berlin, a major security conference where live exploitation is demonstrated on current vulnerabilities before patches. The CVE was published 2025-07-15 with no prior patch date indicated, and the Pwn2Own context strongly indicates exploitation preceded or coincided with vendor patching.

Threat Actors 2

Hacking Team

apt_group 🇮🇹 IT

The White Company

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 05, 2026