Description
VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition.
Scores
CVSS v3: 5.5
EPSS: 0.0009
EPSS Percentile: 24.9%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-400
Status: published
Products (7)
VMware/Cloud Foundation: 5.x, 4.5.x
VMware/ESXi: 7.0 - ESXi70U3sv-24723868
VMware/ESXi: 8.0 - ESXi80U3se-24659227
VMware/Fusion: 13.x - 13.6.3
VMware/Telco Cloud Infrastructure: 3.x, 2.x
VMware/Telco Cloud Platform: 5.x, 4.x, 3.x, 2.x
VMware/Workstation: 17.x - 17.6.3
Published: May 20, 2025
Tracked Since: Feb 18, 2026