VMware Esxi
Known Exploited VMware Esxi Vulnerabilities
The following VMware Esxi vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
VMware ESXi Arbitrary Write Vulnerability | VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox. CVE-2025-22225 Exploit Probability: 4.7% | March 4, 2025 |
VMware ESXi Authentication Bypass Vulnerability | VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. CVE-2024-37085 Exploit Probability: 53.7% | July 30, 2024 |
OpenSLP as used in VMware ESXi | OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. CVE-2020-3992 Exploit Probability: 90.9% | November 3, 2021 |
The vulnerability CVE-2020-3992: OpenSLP as used in VMware ESXi is in the top 1% of the currently known exploitable vulnerabilities. The vulnerability CVE-2024-37085: VMware ESXi Authentication Bypass Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2025 there have been 3 vulnerabilities in VMware Esxi with an average score of 7.5 out of ten. Last year, in 2024, Esxi had 7 security vulnerabilities published. Right now, Esxi is on track to have fewer security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.15.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 3 | 7.47 |
2024 | 7 | 7.32 |
2023 | 1 | 7.50 |
2022 | 15 | 6.69 |
2021 | 3 | 8.70 |
2020 | 21 | 6.60 |
2019 | 11 | 7.14 |
2018 | 9 | 7.44 |
It may take a day or so for new Esxi vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent VMware Esxi Security Vulnerabilities
VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write
CVE-2025-22224
8.2 - High
- March 04, 2025
VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
VMware ESXi contains an arbitrary write vulnerability
CVE-2025-22225
8.2 - High
- March 04, 2025
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
Write-what-where Condition
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS
CVE-2025-22226
6 - Medium
- March 04, 2025
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
VMware ESXi contains an out-of-bounds read vulnerability
CVE-2024-37086
- June 25, 2024
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.
VMware ESXi contains an authentication bypass vulnerability
CVE-2024-37085
7.2 - High
- June 25, 2024
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management (https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html) by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
authentification
The storage controllers on VMware ESXi, Workstation, and Fusion have an out-of-bounds read/write vulnerability
CVE-2024-22273
7.8 - High
- May 21, 2024
The storage controllers on VMware ESXi, Workstation, and Fusion have an out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.
Out-of-bounds Read
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller
CVE-2024-22253
6.7 - Medium
- March 05, 2024
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
VMware ESXi contains an out-of-bounds write vulnerability
CVE-2024-22254
8.2 - High
- March 05, 2024
VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller
CVE-2024-22255
- March 05, 2024
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller
CVE-2024-22252
6.7 - Medium
- March 05, 2024
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
Dangling pointer
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services
CVE-2023-29552
7.5 - High
- April 25, 2023
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI)
CVE-2022-31705
8.2 - High
- December 14, 2022
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
Memory Corruption
VMware ESXi contains a heap-overflow vulnerability
CVE-2022-31699
3.3 - Low
- December 13, 2022
VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.
Memory Corruption
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket
CVE-2022-31696
8.8 - High
- December 13, 2022
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.
Memory Corruption
VMware ESXi contains a null-pointer dereference vulnerability
CVE-2022-31681
6.5 - Medium
- October 07, 2022
VMware ESXi contains a null-pointer dereference vulnerability. A malicious actor with privileges within the VMX process only may create a denial of service condition on the host.
NULL Pointer Dereference
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
CVE-2022-23825
6.5 - Medium
- July 14, 2022
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
Exposure of Resource to Wrong Sphere
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant
CVE-2022-29901
6.5 - Medium
- July 12, 2022
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Exposure of Resource to Wrong Sphere
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may
CVE-2022-21166
5.5 - Medium
- June 15, 2022
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Insufficient Cleanup
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may
CVE-2022-21123
5.5 - Medium
- June 15, 2022
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Insufficient Cleanup
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may
CVE-2022-21125
5.5 - Medium
- June 15, 2022
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Insufficient Cleanup
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets
CVE-2021-22042
7.8 - High
- February 16, 2022
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only may be able to access the settingsd service running as a high privileged user.
AuthZ
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy
CVE-2021-22050
7.5 - High
- February 16, 2022
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelming rhttpproxy service with multiple requests.
Allocation of Resources Without Limits or Throttling
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller
CVE-2021-22040
6.7 - Medium
- February 16, 2022
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Dangling pointer
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller
CVE-2021-22041
6.7 - Medium
- February 16, 2022
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled
CVE-2021-22043
7.5 - High
- February 16, 2022
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd may exploit this issue to escalate their privileges by writing arbitrary files.
TOCTTOU
VMware ESXi (7.0
CVE-2021-22045
7.8 - High
- January 04, 2022
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contain a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.
Memory Corruption
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability
CVE-2021-21994
9.8 - Critical
- July 13, 2021
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.
authentification
OpenSLP as used in ESXi has a denial-of-service vulnerability due to a heap out-of-bounds read issue
CVE-2021-21995
7.5 - High
- July 13, 2021
OpenSLP as used in ESXi has a denial-of-service vulnerability due to a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in the OpenSLP service resulting in a denial-of-service condition.
Out-of-bounds Read
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551
CVE-2021-21974
8.8 - High
- February 24, 2021
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
Memory Corruption
VMware ESXi (7.0 prior to ESXi70U1c-17325551)
CVE-2020-3999
6.5 - Medium
- December 21, 2020
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.
NULL Pointer Dereference
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability
CVE-2020-4005
7.8 - High
- November 20, 2020
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004).
Improper Privilege Management
VMware ESXi (7.0 before ESXi70U1b-17168206
CVE-2020-4004
8.2 - High
- November 20, 2020
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Dangling pointer
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804
CVE-2020-3981
5.8 - Medium
- October 20, 2020
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
TOCTTOU
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804
CVE-2020-3982
7.7 - High
- October 20, 2020
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.
Memory Corruption
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804
CVE-2020-3992
9.8 - Critical
- October 20, 2020
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.
Dangling pointer
In VMware ESXi (6.7 before ESXi670-201908101-SG
CVE-2020-3995
5.3 - Medium
- October 20, 2020
In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.
Memory Leak
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services
CVE-2020-3976
5.3 - Medium
- August 21, 2020
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Resource Exhaustion
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3965
5.5 - Medium
- June 25, 2020
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
Out-of-bounds Read
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3966
7.5 - High
- June 25, 2020
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
Race Condition
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3964
4.7 - Medium
- June 25, 2020
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.
Use of Uninitialized Resource
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3963
5.5 - Medium
- June 25, 2020
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.
Dangling pointer
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG)
CVE-2020-3971
5.5 - Medium
- June 25, 2020
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory.
Memory Corruption
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3970
3.8 - Low
- June 25, 2020
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.
Out-of-bounds Read
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3967
7.5 - High
- June 25, 2020
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
Memory Corruption
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3968
8.2 - High
- June 25, 2020
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
Memory Corruption
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3962
8.2 - High
- June 24, 2020
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.
Dangling pointer
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839
CVE-2020-3969
7.8 - High
- June 24, 2020
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
off-by-five
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG)
CVE-2020-3958
5.5 - Medium
- May 29, 2020
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition.
Improper Input Validation
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG)
CVE-2020-3959
3.3 - Low
- May 29, 2020
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service.
Buffer Overflow
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes
CVE-2020-3955
9.3 - Critical
- April 29, 2020
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.3.
XSS
