vulnerability

VMware VMware Tools: CVE-2019-5522: VMware Tools for Windows out of bounds read vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:L/Au:N/C:P/I:N/A:P)	Jun 6, 2019	Jun 3, 2025	May 18, 2026

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:P)

Published

Jun 6, 2019

Added

Jun 3, 2025

Modified

May 18, 2026

Description

VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools for Windows installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.

Solution

vmware-tools-upgrade-latest

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23554
https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-15097
CVE-2019-5522
https://attackerkb.com/topics/CVE-2019-5522
CWE-125
EUVD-EUVD-2019-15097

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report