CVE-2026-22717: CWE-125 Out-of-bounds Read in VMware Workstation
Out-of-bounds read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed.
AI Analysis
Technical Summary
CVE-2026-22717 is a security vulnerability classified as CWE-125 (Out-of-bounds Read) found in VMware Workstation versions 25H1 and earlier across all supported platforms. This vulnerability allows an attacker with non-administrative privileges inside a guest virtual machine to perform an out-of-bounds read operation on the host system where VMware Workstation is installed. The flaw enables limited information disclosure from the host to the guest, potentially leaking sensitive data. The attack vector requires local access to the guest VM and user interaction, with a high attack complexity, meaning exploitation is not straightforward. The vulnerability does not allow privilege escalation or code execution but compromises confidentiality to a limited extent. The CVSS v3.1 base score is 2.7, reflecting low severity due to the limited impact and exploitation requirements. No patches or known exploits are currently available, but the vulnerability is publicly disclosed and should be addressed promptly. The issue arises from improper bounds checking in the VMware Workstation code handling guest-host interactions, leading to reading memory outside intended boundaries. This could be leveraged by malicious insiders or attackers who gain guest VM access to gather information about the host environment, which might assist in further attacks or reconnaissance.
Potential Impact
The primary impact of CVE-2026-22717 is limited information disclosure from the host system to an attacker operating within a guest VM. This compromises confidentiality but does not affect integrity or availability. Organizations using VMware Workstation in environments where guest VMs are accessible to untrusted or semi-trusted users face a risk of sensitive host data leakage. Although the information disclosed is limited, it could aid attackers in crafting more targeted attacks or escalating privileges through other vulnerabilities. The requirement for local guest VM access and user interaction reduces the likelihood of widespread exploitation. However, in environments such as development, testing, or shared hosting where multiple users have guest VM access, the risk is more pronounced. Enterprises relying heavily on VMware Workstation for virtualization, especially those with sensitive host environments, should consider this vulnerability a security concern. The absence of known exploits in the wild currently limits immediate risk but does not preclude future exploitation attempts once details become widely known.
Mitigation Recommendations
To mitigate CVE-2026-22717, organizations should implement strict access controls to limit who can operate guest VMs, ensuring only trusted users have access. Disable or restrict features that allow guest-to-host communication unless absolutely necessary. Monitor guest VM activity for unusual behavior that could indicate exploitation attempts. Apply the principle of least privilege within guest VMs to reduce the potential impact of compromised guest accounts. Monitor VMware's advisories for official patches or updates addressing this vulnerability, and apply them promptly once available. In the interim, consider isolating critical host systems from environments where untrusted guest VM users operate. Employ network segmentation and host-based intrusion detection systems to detect anomalous access patterns. Additionally, educate users about the risks of interacting with untrusted guest VMs and enforce policies to prevent unauthorized software execution within guest environments.
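One way to check the "disable or restrict guest-to-host communication" recommendation on a host is to audit each VM's `.vmx` file for the guest-isolation settings. This is an added example, not part of the advisory or VMware's tooling. It assumes the four `isolation.tools.*` keys below are the ones to review and that keys are matched case-insensitively; the advisory does not say which guest-host feature is affected, and the sample configuration is constructed.

```python
import re

# Assumption: these guest-isolation keys are the ones to review. The advisory
# does not name the affected guest-host feature.
ISOLATION_KEYS = (
    "isolation.tools.copy.disable",   # guest -> host clipboard copy
    "isolation.tools.paste.disable",  # host -> guest clipboard paste
    "isolation.tools.dnd.disable",    # drag and drop
    "isolation.tools.hgfs.disable",   # shared folders (HGFS)
)

# A .vmx line has the form: key = "value". Lines starting with '#' are comments.
_LINE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Parse key = "value" lines into a dict; the last occurrence of a key wins."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def audit_vmx(text):
    """Return the isolation keys that are not explicitly set to TRUE."""
    settings = parse_vmx(text)
    findings = {}
    for key in ISOLATION_KEYS:
        value = settings.get(key)
        if value is None:
            findings[key] = "not set"
        elif value.strip().upper() != "TRUE":
            findings[key] = f"set to {value!r}"
    return findings


# Constructed sample configuration, for illustration only.
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "build-agent-01"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "FALSE"
Isolation.Tools.HGFS.Disable = "true"
# isolation.tools.dnd.disable = "TRUE"
'''

if __name__ == "__main__":
    for key, state in audit_vmx(SAMPLE_VMX).items():
        print(f"{key}: {state}")
```

A key reported as "not set" means the file does not explicitly disable that feature; confirm the effective setting in the VM's guest isolation options before treating it as a finding.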
Affected Countries
United States, Germany, Japan, South Korea, United Kingdom, Canada, Australia, France, China
Technical Details
- Data Version: 5.2
- Assigner Short Name: vmware
- Date Reserved: 2026-01-09T06:54:36.841Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69a1efd332ffcdb8a269c8f8
Added to database: 2/27/2026, 7:26:11 PM
Last enriched: 2/27/2026, 7:44:03 PM
Last updated: 2/28/2026, 5:43:13 AM