CVE-2023-20854

CVE Database · CVE-2023-20854

CVE-2023-20854

· HIGHModified

CVSS v3.1

8.4

EPSS

0.29%

Published

Feb 3, 2023

Modified

Mar 26, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Weaknesses (CWE)

CWE-269CWE-269

Affected Products (2)

vmware · workstationvulnerable

microsoft · windows

References (2)

https://www.vmware.com/security/advisories/VMSA-2023-0003.html

PatchRelease NotesVendor Advisory

https://www.vmware.com/security/advisories/VMSA-2023-0003.html

PatchRelease NotesVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs