643
CVEs
94
Critical
270
High
23
KEV
71
PoC
229
Unpatched C/H
36.5%
Patch Rate
4.9%
Avg EPSS
Severity Breakdown
CRITICAL
94
HIGH
270
MEDIUM
261
LOW
17
Monthly CVE Trend
Affected Products (30)
Workstation
117
Cloud Foundation
112
Fusion
102
ESXi
94
Vcenter Server
71
Identity Manager
28
Player
27
Workstation Pro
26
Workstation Player
24
Horizon Client
24
Esx
23
Tools
20
Vrealize Automation
19
Workspace One Access
15
Vrealize Operations
14
Vrealize Suite Lifecycle Manager
13
Linux Kernel
13
Horizon View
13
Aria Operations
13
Identity Manager Connector
13
Debian Linux
11
Telco Cloud Platform
11
One Access
11
Nx Os
10
Telco Cloud Infrastructure
10
Vrealize Log Insight
10
Vcenter Server Appliance
10
Access Connector
9
Aria Operations For Logs
8
View
7
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2015-2342 | The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.0%. | CRITICAL | 10.0 | 92.0% | 177 |
PoC
|
| CVE-2016-7456 | VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.1%. | CRITICAL | 9.8 | 82.1% | 166 |
PoC
No patch
|
| CVE-2012-3569 | Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 80.6%. | CRITICAL | 9.3 | 80.6% | 162 |
PoC
|
| CVE-2013-3520 | VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.9%. | HIGH | 7.5 | 81.9% | 154 |
PoC
No patch
|
| CVE-2025-22224 | VMware ESXi and Workstation contain a TOCTOU race condition leading to out-of-bounds write, allowing local administrators on VMs to escape the sandbox and execute code as the VMX process on the host. | CRITICAL | 9.3 | 52.7% | 149 |
KEV
No patch
|
| CVE-2021-21974 | VMware ESXi versions 7.0 before U1c, 6.7 before specific patches, and 6.5 before specific patches contain a heap overflow in the OpenSLP service accessible on port 427. An attacker on the same network segment can trigger remote code execution on the ESXi hypervisor, compromising all virtual machines hosted on the server. | HIGH | 8.8 | 55.0% | 129 |
PoC
No patch
|
| CVE-2016-5330 | Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.5%. | HIGH | 7.8 | 25.5% | 99 |
PoC
No patch
|
| CVE-2025-22225 | VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes, enabling escape from the VMX sandbox to the ESXi kernel. | HIGH | 8.2 | 7.9% | 99 |
KEV
No patch
|
| CVE-2026-22719 | VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated remote attackers to execute arbitrary commands during support-assisted product migration. KEV-listed with patches available, this vulnerability targets the infrastructure monitoring platform that has visibility into the entire virtualized environment. | HIGH | 8.1 | 7.4% | 98 |
KEV
|
| CVE-2025-22226 | VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host. | HIGH | 7.1 | 6.8% | 92 |
KEV
No patch
|
| CVE-2017-4915 | VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 11.6%. | HIGH | 7.8 | 11.6% | 86 |
PoC
|
| CVE-2021-21972 | The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 99.6% | 84 |
KEV
PoC
No patch
|
| CVE-2021-21978 | VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 99.0% | 84 |
PoC
No patch
|
| CVE-2021-21985 | The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 100.0% | 84 |
KEV
PoC
No patch
|
| CVE-2021-22005 | The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available. | CRITICAL | 9.8 | 100.0% | 84 |
KEV
PoC
|