Korean
<< Back
VID 23346
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of VMware Workstation installed on the remote host is 17.x prior to 17.6.3. It is, therefore, affected by multiple vulnerabilities:

- VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. (CVE-2025-22224)
- VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process. (CVE-2025-22226)

* References:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

* Platforms Affected:
VMware Workstation prior to 17.6.3
Linux Any version
Microsoft Windows Any version
Recommendation Upgrade to the latest versions of the affected applications(VMware Workstation 17.6.3 or later) available from the VMware Download Web site at http://www.vmware.com/download/
Related URL CVE-2025-22224,CVE-2025-22226 (CVE)
Related URL 105986 (SecurityFocus)
Related URL (ISS)