22 matches found
CVE-2021-21999
Affected products: VMware Tools for Windows (11.x.y before 11.2.6), VMware Remote Console for Windows (12.x before 12.0.1), and VMware App Volumes (2.x before 2.18.10 and 4 before 2103). Root cause: local privilege escalation via placing a malicious file named openssl.cnf in an unrestricted direc...
CVE-2022-31676
Summary: CVE-2022-31676 affects VMware Tools / open-vm-tools (versions including 12.0.0, 11.x.y, 10.x.y). A local non-administrative guest OS user can escalate privileges to root inside the VM. Root cause / impact: Local privilege escalation within the guest VM as described in multiple security a...
CVE-2023-20867
Summary: CVE-2023-20867 affects open-vm-tools (VMware Tools) with an authentication bypass in the vgauth module, enabling a fully compromised ESXi host to disrupt host-to-guest authentication and impact guest VM confidentiality and integrity. The issue is exploitable with root access on ESXi (loc...
CVE-2022-31693
CVE-2022-31693 affects VMware Tools for Windows (versions 12.x.y before 12.1.5, 11.x.y, and 10.x.y). A local attacker with user privileges in the Windows guest can trigger a PANIC in the VM3DMP driver, causing a denial-of-service condition in the Windows guest OS. The vulnerability is due to the ...
CVE-2023-20900
CVE-2023-20900 is a vulnerability in Open VMware Tools (open-vm-tools) where a malicious actor with Guest Operation Privileges may elevate to a higher privilege via a more-privileged Guest Alias in the VM. The connected documents confirm Open VM Tools is affected and describe a SAML token signatu...
CVE-2023-34058
CVE-2023-34058 affects open-vm-tools/VMware Tools. A SAML token signature bypass in VMware Tools can enable privilege elevation when a VM’s Guest Operation Privileges and a higher-privilege Guest Alias are involved. Multiple connected advisories confirm open-vm-tools as the affected component acr...
CVE-2019-5522
CVE-2019-5522 concerns VMware Tools for Windows. The vulnerability is an out-of-bounds read in the vm3dmp driver installed with VMware Tools, affecting VMware Tools for Windows versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access in a Windows guest could le...
CVE-2022-22977
CVE-2022-22977 affects VMware Tools for Windows (12.0.0, 11.x.y, 10.x.y). It is an XML External Entity (XXE) vulnerability in the VMware VGAuthService component used by the guest VM tools, exploitable by a non‑administrative local user to cause denial of service and potentially disclose informati...
CVE-2022-22943
CVE-2022-22943 affects VMware Tools for Windows 11.x.y and 10.x.y prior to 12.0.0, where an uncontrolled search path element can be leveraged by a local administrator in the Windows guest to run code with SYSTEM privileges. The issue is attributed to insufficient/unspecified path handling in VMwa...
CVE-2020-3941
CVE-2020-3941 is a race condition in the repair operation of VMware Tools for Windows (10.x.y), which may enable local privilege escalation in the guest VM. VMware notes the vulnerability is not present in Tools 11.x.y, where the affected functionality is removed. Affected remediation ...
CVE-2023-34057
CVE-2023-34057 affects VMware Tools. A local user within a guest VM could escalate privileges in the VM. The vulnerability is addressed by updates to VMware Tools (e.g., versions 12.1.1 and 12.3.5 per advisories) with remediation guidance in VMSA-2023-0024; exploitation details are not provided i...
CVE-2025-41244
CVE-2025-41244 covers a local privilege escalation in Open VM Tools used with VMware Aria Operations; a non-administrative local user with access to a VM that has VMware Tools (SDMP enabled) can escalate to root within the same VM. Affected component: open-vm-tools bundled with VMware Tools; root...
CVE-2021-21997
CVE-2021-21997 affects VMware Tools for Windows prior to 11.3.0, where the VM3DMP driver can PANIC under local-privileged execution in the Windows guest, causing a denial-of-service condition. Affected product: VMware Tools for Windows (11.x.y and earlier). Root cause: vulnerability in VM3DMP driv...
CVE-2016-5330
CVE-2016-5330 describes a local privilege escalation in VMware HGFS (Shared Folders) where a Trojan horse DLL loaded from the current working directory or other insecure paths can be executed with the rights of the affected guest/user. The vulnerability affects multiple VMware products and versio...
CVE-2018-6969
CVE-2018-6969 affects VMware Tools 10.x and earlier (before 10.3.0). The vulnerability is an out-of-bounds read in the HGFS Shared Folders feature. Successful exploitation may lead to information disclosure or privilege escalation on the guest VM when Shared Folders is enabled. Public sources (VM...
CVE-2014-4199
CVE-2014-4199 affects vm-support 0.88 in VMware Tools (distributed with VMware Workstation up to 10.0.3 and related products). The vulnerability arises from a symlink attack on a file in /tmp, allowing a local user to write to arbitrary files. The Open VM Tools/open-vm-tools references in OSV/Red...
CVE-2016-7079
VMware Tools on macOS (OS X) 9.x and 10.x are affected by CVE-2016-7079 and CVE-2016-7080. The graphic acceleration functions allow a local attacker to gain privileges or cause a denial of service through a NULL pointer dereference, via unspecified vectors. The vulnerability is fixed in 10.0.9 for the ...
CVE-2014-4200
CVE-2014-4200 concerns vm-support 0.88 in VMware Tools (distributed with VMware Workstation up to 10.0.3 and related products). The underlying issue is that the vm-support archive is created with 0644 permissions, allowing local users to extract sensitive files from the archive. The public detail...
CVE-2015-5191
CVE-2015-5191 affects VMware Tools prior to 10.0.9, where multiple file system races in libDeployPkg arise from hard-coded paths under /tmp. This can allow a local unprivileged user to cause a privilege escalation. The connected F5 advisory and Mageia/SUSE/OpenVAS entries corroborate the issue an...
CVE-2016-7080
CVE-2016-7080 affects VMware Tools on macOS (OS X) where the graphic acceleration functions in VMware Tools 9.x and 10.x are vulnerable before version 10.0.9. The vulnerability allows local users to gain privileges or cause a denial of service via unspecified vectors, caused by a NULL pointer der...
CVE-2020-3972
CVE-2020-3972 affects VMware Tools for macOS (11.x.x and prior) with a denial-of-service in the Host-Guest File System (HGFS). The issue can be exploited by non-admin users inside a guest macOS VM to cause a DoS on their own VM when HGFS sharing is enabled. VMware provides a fix in VMware Tools f...
CVE-2016-5328
VMware Tools on macOS (VMware Tools 9.x/10.x before 10.1.0) with SIP enabled is affected by an information-disclosure vulnerability that allows a local attacker to obtain kernel memory addresses and bypass kASLR via unspecified vectors. The issue is documented in CVE-2016-5328 and VMware’s VMSA-2...