CVE-2017-4925 vulnerability in VMware Products
Published on September 15, 2017

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

NVD

Products Associated with CVE-2017-4925

Want to know whenever a new CVE is published for VMware products? stack.watch will email you.

VMware ESXi

VMware Workstation

VMware Workstation Pro

VMware Fusion

Affected Versions

VMware ESXi:

Version 6.5 without patch ESXi650-201707101-SG is affected.
Version 6.0 without patch ESXi600-201706101-SG is affected.
Version 5.5 without patch ESXi550-201709101-SG is affected.

VMware Workstation:

Version 12.x before 12.5.3 is affected.

VMware Fusion:

Version 8.x before 8.5.4 is affected.

Exploit Probability

EPSS

0.06%

Percentile

17.92%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2017-4925 vulnerability in VMware ProductsPublished on September 15, 2017

Products Associated with CVE-2017-4925

Affected Versions

Exploit Probability

CVE-2017-4925 vulnerability in VMware Products
Published on September 15, 2017