VMware released security patches for ESXi, Workstation, and Fusion vulnerabilities

Target Industry

Indiscriminate, opportunistic targeting.

Overview

VMware has released security patches to remediate four security flaws impacting ESXi, Workstation, and Fusion, including two critical vulnerabilities that could result in the execution of malicious code. The latter are tracked as CVE-2024-22252 and CVE-2024-22253, both of which have been classified with a CVSSv3.1 score of 9.3 for Workstation and Fusion, and 8.4 for ESXi systems.

The remaining two security flaws addressed by VMware are:

  • CVE-2024-22254 (CVSSv3.1 score: 7.9) – An out-of-bounds write vulnerability in ESXi
  • CVE-2024-22255 (CVSSv3.1 score: 7.9) – An information disclosure vulnerability in the UHCI USB controller

Impact

Successful exploitation of CVE-2024-22252 and CVE-2024-22253 would likely allow a threat actor with local administrative privileges on a virtual machine to execute code as the virtual machine’s VMX process running on the host, thereby leading to the compromise of the integrity of data.

Successful exploitation of CVE-2024-22254 would likely allow a threat actor with privileges within the VMX process to trigger a sandbox escape.

Successful exploitation of CVE-2024-22255 would likely allow a threat actor with administrative access to a virtual machine to leak memory from the VMX process.

Vulnerability Detection

VMware has released security updates for the reported vulnerabilities in the affected product versions, and as such, previous versions are now vulnerable to potential exploitation.

Affected Products

  • VMware ESXi
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • VMware Cloud Foundation (Cloud Foundation)

Containment, Mitigations & Remediations

The vulnerabilities have been remediated in the following product versions:

  • ESXi 6.5 – 6.5U3v
  • ESXi 6.7 – 6.7U3u
  • ESXi 7.0 – ESXi70U3p-23307199
  • ESXi 8.0 – ESXi80U2sb-23305545 and ESXi80U1d-23299997
  • VMware Cloud Foundation (VCF) 3.x
  • Workstation 17.x – 17.5.1
  • Fusion 13.x (macOS) – 13.5.1
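The following inventory check is an added example, not part of the original bulletin or VMware's tooling. It compares the banner printed by `vmware -v` on an ESXi host, and Workstation or Fusion version strings, against the fixed releases listed above. It assumes build numbers only increase within a release line and that the third version component is the update level (8.0.1 = 8.0 U1); the function names are hypothetical.

```python
import re

# Fixed ESXi builds as listed in this bulletin, keyed by (major, minor).
# Inner key is the update level; None is the default for that release line.
FIXED_ESXI_BUILDS = {
    (7, 0): {None: 23307199},               # ESXi70U3p-23307199
    (8, 0): {1: 23299997, None: 23305545},  # ESXi80U1d / ESXi80U2sb
}
# Lines where the bulletin names a fixed release but gives no build number.
NAMED_ONLY = {(6, 5): "6.5U3v", (6, 7): "6.7U3u"}
# Desktop products: (product, major) -> first fixed version.
FIXED_DESKTOP = {("workstation", 17): (17, 5, 1), ("fusion", 13): (13, 5, 1)}

ESXI_BANNER = re.compile(r"VMware ESXi (\d+)\.(\d+)\.(\d+) build-(\d+)")

def check_esxi(banner):
    """Classify a `vmware -v` banner as patched, vulnerable, manual-check or unknown."""
    m = ESXI_BANNER.search(banner)
    if not m:
        return "unknown"
    major, minor, update, build = map(int, m.groups())
    line = (major, minor)
    if line in NAMED_ONLY:
        return "manual-check"  # compare by hand against NAMED_ONLY[line]
    thresholds = FIXED_ESXI_BUILDS.get(line)
    if thresholds is None:
        return "unknown"
    # 8.0 U1 has its own fixed build, lower than the U2 one, so a single
    # threshold per major version would misreport patched U1 hosts.
    needed = thresholds.get(update, thresholds[None])
    return "patched" if build >= needed else "vulnerable"

def check_desktop(product, version):
    """Classify a Workstation or Fusion version string such as '17.5.1'."""
    ver = tuple(int(part) for part in version.split("."))
    fixed = FIXED_DESKTOP.get((product.lower(), ver[0]))
    if fixed is None:
        return "unknown"
    return "patched" if ver >= fixed else "vulnerable"

if __name__ == "__main__":
    # Constructed sample inventory; host names and the older builds are made up.
    inventory = {
        "esx-a": "VMware ESXi 8.0.1 build-23299997",
        "esx-b": "VMware ESXi 8.0.2 build-22000000",
        "esx-c": "VMware ESXi 6.7.0 build-20000000",
    }
    for host, banner in inventory.items():
        print(host, check_esxi(banner))
    print("workstation 17.5", check_desktop("Workstation", "17.5"))
```

Hosts reported as manual-check are on the 6.5 or 6.7 lines, where the bulletin gives only the release name, so the installed patch level has to be compared by hand.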

Indicators of Compromise

No specific Indicators of Compromise (IoC) are available currently.

Threat Landscape

VMware occupies a significant proportion of the virtualisation market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, VMware products have become a prime target for threat actors. With virtual machines having become an integral aspect of both personal and business operations, threat actors will continue to exploit vulnerabilities contained within the associated products in an attempt to extract the sensitive information contained therein.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

MITRE Methodologies

Tactic: Execution: [TA0002]

Further Information

VMware Advisory