VMware fixed a code execution flaw in Fusion hypervisor

Pierluigi Paganini September 03, 2024

VMware released a patch to address a high-severity code execution flaw in its Fusion hypervisor; users are urged to apply it.

VMware addressed a high-severity code execution vulnerability, tracked as  (CVSS 8.8/10), in its Fusion hypervisor.

The vulnerability is due to the use of an insecure environment variable. A threat actor with standard user privileges can trigger the flaw to execute code in the context of the Fusion application.

“VMware Fusion contains a code-execution vulnerability due to the usage of an insecure environment variable,” reads the advisory published by the virtualization giant. “A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.”

The vulnerability affects VMware Fusion versions 13.x; the company addressed the issue with the .

According to the advisory, there are no workarounds available for the vulnerability. It is not clear if the company is aware of attacks in the wild that exploited the flaw.


(SecurityAffairs – hacking, VMware Fusion)


