CVE-2025-41237

✓ Confirmed 0-Day

Triaged: March 5, 2026 2 articles

VulnLookup ↗ NVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-24

0.12%

probability

This CVE has a 0.12% probability of being exploited in the next 30 days.

0% Top 29.9th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime CWE-787 · Out-of-bounds Write

VMware fixes four ESXi zero-day bugs exploited at Pwn2Own Berlin

BleepingComputer Jul 17, 2025

Security Advisory 2025-026

CERT-EU Jul 18, 2025

Signal Intelligence

Confidenceⓘ

92%

EPSS 0.12%

Mentions 2

Last Seen Jul 18, 2025

CNA Information

Analyst Note

CVE-2025-41237 is explicitly named in BleepingComputer's article as one of four ESXi zero-day bugs exploited at Pwn2Own Berlin. The 2025 CVE publication date, recent exploitation at a major security conference, and authoritative source confirming active zero-day exploitation provide strong confirmation of zero-day status.

Threat Actors 2

Hacking Team

apt_group 🇮🇹 IT

The White Company

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 05, 2026