CVE-2025-62627

CVSS 7.2 HIGHEPSS 0.1%CWE-822

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.2EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

13 May 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co-located guest VM memory, potentially resulting in loss of confidentiality or availability.

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:H/SI:L/SA:H

Affected products

AMD · ESXi 8.x and ESXi 9.x hosts using AMD-Pensando DPU products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-2001.html