PoC Published for VMware Workstation Guest-to-Host Escape

NCC Group has published a detailed analysis of a critical guest-to-host escape vulnerability in VMware Workstation, demonstrating a complete exploitation path from a compromised virtual machine (VM) to host compromise.

The flaw resides in the VM backdoor/RPC virtual device handling logic, where crafted inputs can induce memory corruption, enabling controlled code execution within the Workstation hypervisor process on the host.

The proof-of-concept (PoC) exploit validates the real-world risk of this vulnerability and underscores the importance of timely patching in multi-VM developer endpoints and sensitive lab environments.

Vulnerability Details

The vulnerability stems from flawed boundary checks in the RPC session handling code of VMware Workstation’s backdoor interface.

By reusing the same session ID and manipulating binary size, payload offset, and payload size fields across multiple RPC packets, an attacker can trigger an out-of-bounds write in the host buffer handling routine.

This write corrupts adjacent host memory, allowing an overwrite of function pointers or metadata that redirect execution flow to attacker-controlled payloads.

The attack does not require elevated privileges within the guest operating system; any user capable of issuing RPC calls to the VMware backdoor device can initiate the exploit.
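The report attributes the out-of-bounds write to a flawed boundary check over attacker-controlled size and offset fields. The following Python snippet is an added, generic illustration of that bug class and of the corrected check; it is not VMware's code, and the actual flawed expression is not published on this page. It models the check as a 32-bit C computation by reducing the sum modulo 2**32, so the wrap a C compiler would produce is reproduced. The packet values are constructed for the demonstration.

```python
MASK32 = 0xFFFFFFFF  # width of a C uint32_t, used to model the wrap


def naive_fits(off: int, size: int, bin_size: int) -> bool:
    """Bounds check written as `off + size <= bin_size` in 32-bit arithmetic.

    Both operands are attacker-controlled, so the sum can wrap past 2**32 and
    a huge offset then compares as small; the later copy writes out of bounds.
    """
    end = (off + size) & MASK32  # wraps exactly like uint32_t addition
    return end <= bin_size


def safe_fits(off: int, size: int, bin_size: int) -> bool:
    """Overflow-free form: never add the two untrusted fields together.

    Compare each field against the trusted bound, subtracting from bin_size
    only after off has been confirmed to be within it.
    """
    if off > MASK32 or size > MASK32:  # field does not even fit the wire type
        return False
    return off <= bin_size and size <= bin_size - off


# Constructed packets for one RPC session: (session id, binary size,
# payload offset, payload size). Packet 3 is the wrap-around case.
PACKETS = [
    {"sid": 7, "bin_size": 0x1000, "off": 0x0,        "size": 0x800},   # legitimate
    {"sid": 7, "bin_size": 0x1000, "off": 0x800,      "size": 0x800},   # ends exactly at bin_size
    {"sid": 7, "bin_size": 0x1000, "off": 0xFFFFFFF0, "size": 0x20},    # off+size wraps to 0x10
    {"sid": 7, "bin_size": 0x1000, "off": 0x0,        "size": 0x1001},  # plainly too large
]


def audit(packets, check) -> list:
    """Run `check` over every packet and return the accept/reject verdicts."""
    return [check(p["off"], p["size"], p["bin_size"]) for p in packets]


if __name__ == "__main__":
    for name, check in (("naive", naive_fits), ("safe", safe_fits)):
        print(name, audit(PACKETS, check))
```

The naive check accepts packet 3 because 0xFFFFFFF0 + 0x20 wraps to 0x10; the safe check rejects it because the offset alone already exceeds the bound. Reviewing parsers for the pattern "untrusted + untrusted compared to a bound" is the quickest way to find this class of defect.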

CVE Table

Field | Details
CVE | Guest-to-host escape in VMware Workstation
Affected Products | VMware Workstation (specific vulnerable versions per NCC Group report)
Component | VMware backdoor/RPC virtual device handling path
CVE IDs | CVE-2023-20870 / CVE-2023-34044 and CVE-2023-20869
PoC Code | See the high-level pseudocode outline below, consistent with NCC Group’s description

Proof of Concept Exploit

The PoC exploit unfolds in four main stages.

First, the guest-side code opens an RPC session with the VMware backdoor device and obtains a session ID.

Next, the attacker primes the host buffer by sending a large payload packet.

A subsequent overlapping payload packet reuses the session ID, with carefully crafted size and offset parameters that force a boundary miscalculation and out-of-bounds write.

This corrupts critical host parser metadata, redirecting execution to a minimal shell payload embedded in the attacker’s data.

An optional third packet finalizes the control-flow hijack, ensuring reliable execution of attacker code when the RPC session is committed.

The high-level pseudocode sketch illustrates the logic:

```text
// guest-side pseudocode outline
open_vmware_backdoor();
uint32_t sid = rpc_begin_session();
// Packet A: prime host buffer
rpc_send(sid, .bin_size = A_SIZE, .payload_off = OFF_A, .payload_size = SZ_A, .data = bufA);
// Packet B: overlapping write to force OOB
rpc_send(sid, .bin_size = B_SIZE, .payload_off = OFF_B, .payload_size = SZ_B, .data = crafted_overlap);
// Optional Packet C to finalize hijack
rpc_send(sid, .bin_size = C_SIZE, .payload_off = OFF_C, .payload_size = SZ_C, .data = rop_or_shellcode);
// Trigger vulnerable processing path
rpc_commit(sid);
```

VMware has released security updates addressing the vulnerable RPC handling path.

Administrators should apply the latest patches immediately to remediate the flaw and prevent guest-to-host escapes.

In addition, restricting untrusted workloads on local Workstation installations is advised; high-risk testing VMs should be isolated from sensitive host data.

Continuous monitoring of the Workstation hypervisor process for anomalous child process creation and unusual file access can help detect exploitation attempts in real time.

Finally, enforcing host-level endpoint detection and response (EDR) and application control policies further constrains the behavior of the Workstation process post-compromise, limiting the attacker’s ability to pivot laterally to adjacent VMs or exfiltrate data.


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
