CVE-2014-4199 — Link Following in Vmware Workstation

CWE-59 — Link Following CWE-377 — Insecure Temporary File11 documents8 sources

Severity

6.3MEDIUMNVD

EPSS

0.0%

top 93.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Open-vm-tools Vmware Workstation Vmware Vm-support

Timeline

PublishedAug 28

Latest updateAug 24

Description

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

CVSS vector

AV:L/AC:M/C:N/I:C/A:CExploitability: 3.4 | Impact: 9.2

Affected Packages4 packages

▶Debianvmware/open-vm-tools< 2:9.4.6-1770165-7+3

▶Ubuntuvmware/open-vm-tools< 2:9.4.0-1280544-5ubuntu6.4+esm1

▶NVDvmware/workstation10.0.3+3

▶NVDvmware/vm-support0.88

🔴Vulnerability Details

OSV

open-vm-tools vulnerabilities↗2025-08-24

▶

GHSA

GHSA-v55p-68fc-xxcv: vm-support 0↗2022-05-17

▶

OSV

CVE-2014-4199: vm-support 0↗2014-08-28

▶

CVEList

CVE-2014-4199: vm-support 0↗2014-08-28

▶

📋Vendor Advisories

Ubuntu

Open VM Tools vulnerabilities↗2025-08-24

▶

Red Hat

open-vm-tools: insecure temporary file creation↗2014-08-26

▶

Debian

CVE-2014-4199: open-vm-tools - vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through ...↗2014

▶

💬Community

Bugzilla

CVE-2014-4200 CVE-2014-4199 open-vm-tools: various flaws [epel-6]↗2014-11-20

▶

Bugzilla

CVE-2014-4200 CVE-2014-4199 open-vm-tools: various flaws [fedora-all]↗2014-11-20

▶

Bugzilla

CVE-2014-4199 open-vm-tools: insecure temporary file creation↗2014-11-20

▶