CVE-2023-20867 LOW

CVE-2023-20867: VMware Tools Authentication Bypass Vulnerability

Weakness CWE-287 · Improper authentication
KEV Status Known Exploited
Published June 13, 2023
Last update October 21, 2025

CVSS base score

3.9/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

June 13, 2023 CVE published
October 21, 2025 Record updated