Primary

Context

VMware Products vSockets Information Disclosure Vulnerability

Vulnerability

Patched

An information disclosure vulnerability has been identified in VMware ESXi, Workstation, Fusion, and VMware Tools. This vulnerability arises from the use of uninitialized memory in vSockets, potentially allowing a malicious actor with local administrative privileges on a virtual machine to leak memory from processes that communicate via vSockets.

Impact

Exploitation of this vulnerability could lead to unauthorized memory leakage from processes using vSockets, which may contain sensitive information.

Remediation

Users can update to VMware Tools version 13.0.1.0 or 12.5.3, depending on their current version. For VMware ESXi, Workstation, and Fusion, users should update to the latest versions available. Additional guidance for updating VMware Tools asynchronously is available in the VMware Tools Update Guidance FAQ.

Added: Jul 15, 2025, 7:17 PM

Updated: Jul 15, 2025, 8:11 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

3.3

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

3.3

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

VMware Products vSockets Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

VMware ESXi

VMware Workstation

VMware Fusion

VMware Tools

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating