Skip to main content

VMware

Vendor security scorecard – 643 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 3750
643
CVEs
94
Critical
270
High
23
KEV
71
PoC
229
Unpatched C/H
36.5%
Patch Rate
4.9%
Avg EPSS

Severity Breakdown

CRITICAL
94
HIGH
270
MEDIUM
261
LOW
17

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2015-2342 The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.0%. CRITICAL 10.0 92.0% 177
PoC
CVE-2016-7456 VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.1%. CRITICAL 9.8 82.1% 166
PoC No patch
CVE-2012-3569 Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 80.6%. CRITICAL 9.3 80.6% 162
PoC
CVE-2013-3520 VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.9%. HIGH 7.5 81.9% 154
PoC No patch
CVE-2025-22224 VMware ESXi and Workstation contain a TOCTOU race condition leading to out-of-bounds write, allowing local administrators on VMs to escape the sandbox and execute code as the VMX process on the host. CRITICAL 9.3 52.7% 149
KEV No patch
CVE-2021-21974 VMware ESXi versions 7.0 before U1c, 6.7 before specific patches, and 6.5 before specific patches contain a heap overflow in the OpenSLP service accessible on port 427. An attacker on the same network segment can trigger remote code execution on the ESXi hypervisor, compromising all virtual machines hosted on the server. HIGH 8.8 55.0% 129
PoC No patch
CVE-2016-5330 Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.5%. HIGH 7.8 25.5% 99
PoC No patch
CVE-2025-22225 VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes, enabling escape from the VMX sandbox to the ESXi kernel. HIGH 8.2 7.9% 99
KEV No patch
CVE-2026-22719 VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated remote attackers to execute arbitrary commands during support-assisted product migration. KEV-listed with patches available, this vulnerability targets the infrastructure monitoring platform that has visibility into the entire virtualized environment. HIGH 8.1 7.4% 98
KEV
CVE-2025-22226 VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host. HIGH 7.1 6.8% 92
KEV No patch
CVE-2017-4915 VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 11.6%. HIGH 7.8 11.6% 86
PoC
CVE-2021-21972 The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.8 99.6% 84
KEV PoC No patch
CVE-2021-21978 VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.8 99.0% 84
PoC No patch
CVE-2021-21985 The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.8 100.0% 84
KEV PoC No patch
CVE-2021-22005 The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available. CRITICAL 9.8 100.0% 84
KEV PoC

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy