CNNVD-202509-4395 Information
CNNVD ID
CNNVD-202509-4395
Related CVE
- CNNVD Published: 2025-09-29
Description (Chinese)
VMware Tools for Windows是美国威睿(VMware)公司的一套基于Windows平台的、VMWare虚拟机自带的增强工具,它是VMware提供的用于增强虚拟显卡和硬盘性能、以及同步虚拟机与主机时钟的驱动程序。 VMware Tools for Windows存在安全漏洞,该漏洞源于用户访问控制处理不当,可能导致已通过vCenter或ESX认证的恶意攻击者访问其他客户虚拟机。
Description (English)
VMware Towers for Windows is a VMware-based VMWare Virtual Machine self-enhanced tool for the Windows platform provided by VMware to enhance virtual graphic cards and hard disk performance, as well as to synchronize virtual machines and host clocks. There is a security gap in VMware Tools for Windows, which stems from inappropriate handling of user access controls, which may lead to access to other client virtual machines by malicious assailants who have been certified as vCenter or ESX.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
威睿
Published
2025-09-29
Last Modified
2026-02-24
References
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149 https://vigilance.fr/vulnerability/VMware-Tools-two-vulnerabilities-dated-29-09-2025-48337