Vulnerability in VMware Workstation (CVE-2023-20854)

VMware Workstation is a virtualization software that allows to run several virtual machines in parallel on one device. These virtual machines can be managed via the software VMware Workstation Player or VMware Workstation Pro, which is installed on all systems used for managing virtual machines.

During research, a vulnerability was found in the Windows installation packages of VMware Workstation Player and VMware Workstation Pro. The vulnerability was reported to the manufacturer.

Arbitrary File Deletion

Insecure operations are performed in the repair feature of the installation package, which allows an unprivileged local attacker to delete almost arbitrary files on the system. Carrying out a targeted deletion of dependencies in the VMware Workstation installation makes it possible for an attacker to obtain system privileges and execute arbitrary code. Both VMware Workstation Player and VMware Workstation Pro are affected by this vulnerability.

VMware has summarized the vulnerability in the two installation packages under the reference VMSA-2023-0003 [1] and registered it as CVE-2023-20854.

Affected Versions
VMware Workstation before version 17.0.1

The vulnerability can be fixed by updating to version 17.0.1 of VMware Workstation Player or VMware Workstation Pro.


Frederik Reiter (cirosec GmbH)


Do you want to protect your systems? Get in touch with us.