VMware

Tools

27 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2025-41244

  • EPSS 0.02%
  • Published 29.09.2025 17:15:30
  • Last modified 30.09.2025 13:15:50

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled ...

7.6

CVE-2025-41246

  • EPSS 0.03%
  • Published 29.09.2025 16:15:37
  • Last modified 29.09.2025 19:34:10

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may expl...

7.1

CVE-2025-41239

  • EPSS 0.02%
  • Published 15.07.2025 18:35:03
  • Last modified 15.07.2025 20:07:28

VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to ex...

6.1

CVE-2025-22247

  • EPSS 0.05%
  • Published 12.05.2025 10:46:36
  • Last modified 14.05.2025 17:15:47

VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.

7.8

CVE-2025-22230

Media report
  • EPSS 0.02%
  • Published 25.03.2025 14:15:28
  • Last modified 27.03.2025 16:45:46

VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.

7.5

CVE-2023-34058

  • EPSS 0.03%
  • Published 27.10.2023 05:15:38
  • Last modified 06.03.2025 16:15:41

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a...

7.8

CVE-2023-34057

  • EPSS 0.08%
  • Published 27.10.2023 05:15:38
  • Last modified 06.03.2025 16:15:41

VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.

7.5

CVE-2023-20900

  • EPSS 0.84%
  • Published 31.08.2023 10:15:08
  • Last modified 21.11.2024 07:41:47

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if ...

3.9

CVE-2023-20867

Warning
  • EPSS 0.98%
  • Published 13.06.2023 17:15:14
  • Last modified 10.03.2025 20:43:28

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

5.5

CVE-2022-31693

  • EPSS 0.05%
  • Published 07.06.2023 14:15:09
  • Last modified 07.01.2025 17:15:10

VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a...