Description
VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.
References (1)
Core 1
Core References
Patch, Release Notes, Vendor Advisory
https://www.vmware.com/security/advisories/VMSA-2023-0003.html
Scores
CVSS v3
8.4
EPSS
0.0011
EPSS Percentile
29.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-269
Status
published
Products (1)
vmware/workstation
17.0
Published
Feb 03, 2023
Tracked Since
Feb 18, 2026