Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

VMware Products Information Disclosure Vulnerability in HGFS

Vulnerability

An information disclosure vulnerability has been identified in VMware ESXi, Workstation, and Fusion. It arises from an out-of-bounds read in HGFS and could be exploited by a malicious actor with administrative privileges on a virtual machine. Exploitation may leak memory from the vmx process.

Impact

Exploitation of this vulnerability could result in unauthorized memory leakage from the vmx process, potentially leading to the exposure of sensitive information.

Remediation

Users can apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' in VMware Security Advisory VMSA-2025-0004. The advisory also provides instructions for downloading the patch.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 0.6
exploitability: 4.7
remediation: 7.7
relevance: 0.0
threat: 8.1
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.