VMware Workstation Out-of-Bounds Read Vulnerability Allowing Limited Information Disclosure

Vulnerability

An out-of-bounds read vulnerability has been identified in VMware Workstation versions 25H1 and prior. It allows an actor with non-administrative privileges on a guest virtual machine to access limited information from the host machine where VMware Workstation is installed.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure from the host machine.

Remediation

Users can upgrade to VMware Workstation 25H2u1 to address this vulnerability. This version is available through the VMware Workstation Pro 25H2 for Windows and Linux product pages on the Broadcom Support site.

Added: Feb 27, 2026, 8:35 PM
Updated: Feb 27, 2026, 8:35 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 0.2
exploitability: 2.4
remediation: 7.7
relevance: 3.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.