Volerion logoVolerion
Volerion logoVolerion

VMware ESXi, Workstation, and Fusion VMCI Integer-Underflow Vulnerability Leading to Out-of-Bounds Write and Potential Code Execution

Vulnerability

A vulnerability exists in VMware ESXi, Workstation, and Fusion due to an integer-underflow in the Virtual Machine Communication Interface (VMCI). This flaw allows for an out-of-bounds write, which a malicious actor with local administrative privileges on a virtual machine could exploit to execute code as the VMX process on the host. While exploitation on ESXi is confined to the VMX sandbox, in Workstation and Fusion, it could result in code execution on the local machine.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution, with the potential for that code to run with elevated privileges, depending on the context in which the vulnerability is exploited.

Remediation

Users can update to VMware ESXi 8.0 (ESXi80U3f-24784735), VMware Workstation 17.6.4, or VMware Fusion 13.6.4. For VMware Tools, version 13.0.1.0 is recommended.

Added: Jul 15, 2025, 7:22 PM
Updated: Jul 15, 2025, 8:17 PM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
10.0
exploitability
3.3
remediation
7.7
relevance
0.3
threat
0.0
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.