Bg ShapeBg Shape
THREAT INTELLIGENCE

VMware Workstation and Fusion Flaws Risk DoS, MitM

Affected Environment
Enterprises using VMware Workstation 17.x and Fusion 13.x, including 25H2 releases on Windows and macOS hosts running guest virtual machines.

Threat Overview
Four VMware desktop hypervisor flaws enable DoS, network interception, or limited data exposure from guest VMs, affecting host stability and tenant isolation.

Exposure Timeline
Issues disclosed 26 Feb 2026. Affected: Workstation 17.x/25H2 and Fusion 13.x/25H2. Exploitation status is not stated in the advisory text provided.

Attack Surface
Exposure sits at the virtualization layer. Risk arises from malicious users inside guest VMs targeting host-side processes and virtual NAT networking services.

Technical Root Cause
Flaws include NULL pointer dereference, out-of-bounds read/write, and a NAT issue. These weaknesses allow crashes, info disclosure, or traffic interception.

Exploitation Pathway
A user with access to a guest VM, with or without admin rights, can trigger memory or NAT bugs to crash services or intercept other guests’ network traffic.

Operational Impact
Potential VM or host process crashes, disruption of services on affected hosts, interception of VM traffic, and limited data exposure from impacted systems.

Strategic Impact
Shows ongoing risk from client hypervisors where guest users can affect other VMs or host. Highlights need for strict VM access control and timely patching.

Required Mitigation
Upgrade VMware Workstation and Fusion to 25H2u1. Maintain timely OS, app, and firmware updates, and enforce least privilege on all guest and host systems.

Incident Response Guidance
If misuse is suspected, restrict access to affected hosts, review guest activity and network flows, validate integrity of services, then patch and monitor closely.

References
Broadcom VMware Security Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36986
CVE-2026-22722
CVE-2026-22715
CVE-2026-22716
CVE-2026-22717

Download the Full Report

Explore More of the Latest Threat Intelligence

April 15, 2026

Multiple Adobe Product Vulnerabilities Allow Code Execution

Read Report
April 15, 2026

Ivanti Neurons for ITSM Flaws Allow Persistent Access, XSS

Read Report
April 15, 2026

Multiple Fortinet Flaws Enable Code Execution and Access

Read Report

Trusted by clients worldwide

Logo
Logo
Logo
Logo
Logo
Logo

Your 24/7 Security Partner

Led by human expertise and powered by the VisionX platform, we provide you with a 24/7 unbeatable Managed Detection & Response capability giving you transparent and consolidated security solutions.

Awards Image
Awards Image
Awards Image
Awards Image
Awards Image
Awards Image