Vulnerabilities in VMware

225 results
Vexday analysis

With 6 CVEs confirmed as actively exploited in the CISA KEV catalog, VMware shows an exploitation rate 6 times above the overall catalog average, a sign that its vulnerabilities attract offensive attention disproportionate to the total volume of cataloged flaws. CVE-2023-34048, with an EPSS of 0.9943, is the most critical case at the moment: its probability of exploitation is close to the maximum estimated by the model, which justifies priority treatment in any remediation queue. The presence of 7 CVEs with a public PoC and 10 of critical severity widens the concrete risk surface, especially considering that 11 new vulnerabilities appeared in the last 90 days. The most recurrent flaw type (CWE-79) suggests persistent attention to output controls and sanitization in interface components, but VMware's overall risk profile is dominated by flaws of greater systemic impact with high exploitation potential.

CVE-2025-22245 | MEDIUM | VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation. | EPSS 0.2%
CVE-2026-41713 | HIGH | Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor | EPSS 0.2%
CVE-2026-22750 | HIGH | SSL bundle configuration silently bypassed in Spring Cloud Gateway | EPSS 0.2%
CVE-2024-38823 | LOW | CVE-2024-38823 Salt Advisory | EPSS 0.2%
CVE-2024-38822 | LOW | CVE-2024-38822 Salt Advisory | EPSS 0.2%
CVE-2020-3957 | VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain | EPSS 0.2%
CVE-2023-34044 | HIGH | Information disclosure vulnerability in bluetooth device-sharing functionality | EPSS 0.2%
CVE-2026-22715 | MEDIUM | VMware Workstation/Fusion NAT vulnerability | EPSS 0.2%
CVE-2024-38830 | HIGH | Local privilege escalation vulnerability | EPSS 0.2%
CVE-2026-22717 | LOW | VMware Workstation out-of-bound read vulnerability | EPSS 0.2%
CVE-2025-22241 | MEDIUM | CVE-2025-22241 salt advisory | EPSS 0.2%
CVE-2023-34045 | MEDIUM | VMware Fusion installer local privilege escalation | EPSS 0.2%
CVE-2025-22239 | HIGH | CVE-2025-22239 salt advisory | EPSS 0.2%
CVE-2025-22237 | MEDIUM | CVE-2025-22237 salt advisory | EPSS 0.2%
CVE-2026-22716 | MEDIUM | VMware Workstation out-of-bounds write vulnerability | EPSS 0.2%
CVE-2025-22236 | HIGH | CVE-2025-22236 salt advisory | EPSS 0.1%
CVE-2026-22722 | MEDIUM | VMware Workstation for Windows null pointer dereference may allow an authenticated user to trigger a crash | EPSS 0.1%
CVE-2025-22231 | HIGH | VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231) | EPSS 0.1%
CVE-2025-41227 | MEDIUM | Denial-of-Service Vulnerability | EPSS 0.1%
CVE-2025-22240 | MEDIUM | CVE-2025-22240 salt advisory | EPSS 0.1%