Primary

Context

VMware ESXi, Workstation, and Fusion Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in VMware ESXi, Workstation, and Fusion. This issue arises from certain guest options, allowing a malicious actor with non-administrative privileges within a guest operating system to exhaust the memory of the host process. This memory exhaustion can lead to a denial-of-service condition, causing disruptions in service or performance.

Impact

Exploitation of this vulnerability can cause memory exhaustion on the host process, leading to a denial-of-service condition.

Remediation

Users can upgrade to VMware Workstation version 17.6.3 or VMware Fusion version 13.6.3. For VMware ESXi, the update to version 8.0 U3e or 7.0 U3v is recommended. VMware Cloud Foundation users should refer to the async patching guide available on the Broadcom Knowledge Base.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

3.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

3.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

VMware ESXi, Workstation, and Fusion Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

VMware ESXi

VMware vCenter Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating