VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HVMware Cloud Foundation
APPVmwarewszystkie wersjeVMware ESXi
OSVmware7.08.0VMware Telco Cloud Infrastructure
APPVmware2.22.52.73.0VMware Telco Cloud Platform
APPVmware2.02.52.73.04.04.0.15.0VMware Workstation
APPVmware17.0 – 17.6.3 (bez)
CISA KEV — detailsi
- Vendori
- VMware ↗
- Producti
- ESXi and Workstation
- Added to KEVi
- March 4, 2025
- Remediation deadline (US Federal)i
- March 25, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
VMware ESXi and Workstation contain a time-of-check time-of-use (TOCTOU) race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host.
Related vulnerabilities
VMware vCenter Server — heap-overflow w DCERPC umożliwia RCE
Heap overflow w VMware vCenter Server via protokół DCERPC — RCE
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor...
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in t...