VMware ESXi
cpe:2.3:a:vmware:vsphere_esxi:*:*:*:*:*:*:*
- 8.0
- 7.0
This vulnerability is being actively exploited in the wild.
A time-of-check to time-of-use (TOCTOU) vulnerability that leads to an out-of-bounds write has been identified in VMware ESXi, Workstation, and Fusion. A malicious actor with local administrative privileges on a virtual machine can exploit it to execute code as the VM's VMX process running on the host.
Exploitation of this vulnerability allows for unauthorized code execution within the context of the virtual machine's VMX process on the host.
Users can apply the patches available in the VMware Product Response Matrix. For VMware ESXi, Workstation, and Fusion, the specific patch versions are listed in the 'Fixed Version' column of the Response Matrix. Additional guidance can be found in the VMware Patching Guide: KB88287.