IsItPatchedInstant security status for any software version
← All products

VMware ESXi

VMware / Broadcom · Virtualization
85/100 Good

Summary iPlain-English security verdict for VMware ESXi, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

VMware ESXi currently scores 85/100 — good. 8 actively-exploited vulnerabilities (CISA KEV) affect older releases (e.g. CVE-2023-29552) — staying on the latest supported version keeps you clear of them. The latest supported release is 9.1.0.0. It's largely safe; apply minor updates as they appear. Note: this product is assessed at the product level on recent (365-day) activity rather than an exact per-version match, so it is never marked a confident "healthy".

Disclosure trend iNew CVEs published for VMware ESXi each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19
'20
'21
'22
'23
'24
'25
'26

⚠ 4 of its known vulnerabilities are linked to ransomware campaigns (CISA KEV).

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2023-29552 HIGH ● exploited EPSS 92% → fixed in 7.0 CVE-2019-5544 CRITICAL ● exploited ⚠ ransomware Out-of-bounds write EPSS 92% → see advisory CVE-2020-3992 CRITICAL ● exploited ⚠ ransomware Use-after-free EPSS 90% → see advisory CVE-2024-37085 MEDIUM ● exploited ⚠ ransomware Improper authentication EPSS 80% → see advisory CVE-2025-22224 CRITICAL ● exploited CWE-367 EPSS 47% → see advisory CVE-2025-22225 HIGH ● exploited ⚠ ransomware Out-of-bounds write EPSS 10% → see advisory CVE-2025-22226 HIGH ● exploited Out-of-bounds read EPSS 4% → see advisory CVE-2010-3904 HIGH ● exploited CWE-1284 EPSS 2% → see advisory CVE-2017-5753 MEDIUM CWE-203 EPSS 94% → see advisory CVE-2021-21974 HIGH Out-of-bounds write EPSS 56% → see advisory CVE-2010-0211 CRITICAL CWE-252 EPSS 43% → see advisory CVE-2012-1516 CRITICAL Memory corruption EPSS 2% → see advisory

Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.

How long each VMware ESXi release line is supported — and when it sunsets.

9.1 latest 9.1.0.0 Supported until 2028-08-12
9.0 latest 9.0.2.0 Supported until 2027-09-17
8.0 latest 8.0 Update 3j Supported until 2027-10-11
7.0 latest 7.0 Update 3w End of life ended 2025-10-02
6.7 latest 6.7 Update 3w End of life ended 2022-10-15
6.5 latest 6.5 ESXi650-202403001 End of life ended 2022-10-15
6.0 latest 6.0 EP 25 End of life ended 2020-03-12
5.5 latest 5.5 Update 3k End of life ended 2018-09-19
5.1 latest 5.1 Update 3d End of life ended 2016-08-24
5.0 latest 5.0 Update 3g End of life ended 2016-08-24
See all upcoming end-of-life dates →

ℹ product-level posture (last 365d); exact per-version verdict pending precise version mapping

Last checked: Wed, 10 Jun 2026 22:18:30 UTC