VMware Workstation

 CVE-2025-0665 - Libcurl Security Vulnerability in 25H2u1-25219725

Michael Brinschwitz posted Mar 31, 2026 04:32 AM

Hello There,

when will this security vulnerability be fixed?

Check if the version of Libcurl is equal to 8.11.1
C:\Program Files (x86)\VMware\VMware Workstation\libcurl.dll
[8.11.1.0]

Greetings

Michael

External Moderator Technogeezer

I don’t think that Broadcom is going to comment on this. They have a policy of not commenting on content and timing of future releases. They also don’t comment on security issues until they have a patch ready.

The curl developers indicate this CVE is a low severity issue, and that it occurs only when certain build options are chosen for libcurl. Simply checking the version of libcurl doesn’t tell us if Workstation is vulnerable. It is unclear if the version of libcurl in use was built with the options that expose the bug.

External Moderator Technogeezer

@Michael Brinschwitz - You marked my reply for moderation as not answering the question. I re-approved it (as moderator) because it did answer the question. My answer may not have matched what you want, but please understand that Broadcom doesn't comment publicly on security issues until they release a patch for it. They also don't comment on content and timing of future releases.

That's not saying that you won't get a more complete answer to your question. (never say never...). But given Broadcom policy and their past interactions here in the forum, it's highly unlikely.

We don't even know for sure if Workstation is vulnerable to this exploit. We don't know how Broadcom built and uses libcurl within Workstation and if that matches the configuration that exposed the vulnerability.

The additional comments I made are based on what I found reading the CVE and libcurl developer's response for it, and my experience as a former CISSP certified security professional.