VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
2025-03-04T12:15:33.687
2025-03-05T16:18:36.103
Analyzed
CVSSv3.1: 9.3 (CRITICAL)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 7.0 | Yes |
| Operating System | vmware | esxi | 8.0 | Yes |
| Operating System | vmware | esxi | 8.0 | Yes |
| Operating System | vmware | esxi | 8.0 | Yes |
| Operating System | vmware | esxi | 8.0 | Yes |
| Operating System | vmware | esxi | 8.0 | Yes |
| Operating System | vmware | esxi | 8.0 | Yes |
| Operating System | vmware | esxi | 8.0 | Yes |
| Operating System | vmware | esxi | 8.0 | Yes |
| Operating System | vmware | esxi | 8.0 | Yes |
| Operating System | vmware | esxi | 8.0 | Yes |
| Operating System | vmware | esxi | 8.0 | Yes |
| Operating System | vmware | esxi | 8.0 | Yes |
| Operating System | vmware | esxi | 8.0 | Yes |
| Operating System | vmware | esxi | 8.0 | Yes |
| Application | vmware | cloud_foundation | - | Yes |
| Application | vmware | telco_cloud_infrastructure | 2.2 | Yes |
| Application | vmware | telco_cloud_infrastructure | 2.5 | Yes |
| Application | vmware | telco_cloud_infrastructure | 2.7 | Yes |
| Application | vmware | telco_cloud_infrastructure | 3.0 | Yes |
| Application | vmware | telco_cloud_platform | 2.0 | Yes |
| Application | vmware | telco_cloud_platform | 2.5 | Yes |
| Application | vmware | telco_cloud_platform | 2.7 | Yes |
| Application | vmware | telco_cloud_platform | 3.0 | Yes |
| Application | vmware | telco_cloud_platform | 4.0 | Yes |
| Application | vmware | telco_cloud_platform | 4.0.1 | Yes |
| Application | vmware | telco_cloud_platform | 5.0 | Yes |
| Application | vmware | workstation | < 17.6.3 | Yes |