Vmware tools

This hub aggregates every CVE we track for Vmware tools, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Vmware tools.

• CVE-2025-41244VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)KEV7.8Sep 29, 2025
• CVE-2025-41246Improper authorisation vulnerability7.6Sep 29, 2025
• CVE-2025-41239vSockets information-disclosure vulnerability7.1Jul 15, 2025
• CVE-2025-22247Insecure file handling vulnerability6.1May 12, 2025
• CVE-2025-22230Authentication bypass vulnerability7.8Mar 25, 2025
• CVE-2023-34058VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-securit...7.1Oct 27, 2023
• CVE-2023-34057VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine. 7.8Oct 27, 2023
• CVE-2023-20900A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtu...7.1Aug 31, 2023
• CVE-2023-20867VMware Tools Authentication Bypass VulnerabilityKEV3.9Jun 13, 2023
• CVE-2022-31693VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows gue...5.5Jun 7, 2023
• CVE-2022-31676VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a roo...7.8Aug 23, 2022
• CVE-2022-22977VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, whe...7.1May 24, 2022
• CVE-2022-22943VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, wher...6.7Mar 3, 2022
• CVE-2021-21999VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege...7.8Jun 23, 2021
• CVE-2021-21997VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system...5.5Jun 18, 2021