
CVE-2019-5544: Critical Vulnerability in VMware ESXi and Horizon DaaS

A critical heap overwrite vulnerability exists in VMware ESXi and Horizon DaaS. With a CVSS score of 9.8, organizations must act promptly to mitigate risks. Failure to address this vulnerability could lead to significant data breaches and operational disruptions.

CRITICAL · Known Exploited · CVSS 9.8 · Published December 6, 2019


OpenSLP, as used in ESXi and the Horizon DaaS appliances, has a heap overwrite issue. This vulnerability allows attackers with network access to port 427 to exploit the OpenSLP service, potentially leading to remote code execution. Given the maximum CVSSv3 base score of 9.8, VMware has classified this vulnerability as critical.

Risk to organizations includes unauthorized access and control over affected systems. Attackers may leverage this vulnerability to manipulate system resources, leading to severe consequences such as data loss or service disruption. The urgency for defenders is heightened, and organizations should prioritize patching immediately.

CVE-2019-5544 is considered actively exploited in the wild: it has been listed in the Known Exploited Vulnerabilities (KEV) catalog since November 3, 2021. Organizations must take proactive measures to mitigate the associated risks.

Defenders should be aware that the vulnerability affects various versions of VMware ESXi and Horizon DaaS, necessitating immediate action to ensure system security.

Vulnerability Details

The official description of this vulnerability states that OpenSLP has a heap overwrite issue. The severity level is critical, with a CVSS score of 9.8, indicating a high potential for exploitation. The affected products include VMware ESXi and Horizon DaaS, with the vulnerability first published on December 6, 2019. The associated CWE classification is CWE-787.

Technical Analysis

The root cause of this vulnerability is a flaw in the OpenSLP service, which allows an attacker with network access to overwrite the heap. The attack vector is network-based, and the complexity of the attack is low, requiring no privileges or user interaction. The impacts on confidentiality, integrity, and availability are all classified as high, indicating that an exploit could lead to significant data breaches and system instability.

Risk & Impact Analysis

Organizations utilizing affected versions of VMware ESXi and Horizon DaaS face substantial risks, including potential unauthorized access and control over critical infrastructure. The blast radius for this vulnerability is extensive, as it can affect multiple systems within a network. Given its CVSS score and active exploitation status, organizations must assess their exposure and prioritize remediation immediately.

Exploitation Status

Signal | Status
Known Exploit | Yes
Public PoC | Yes
Actively Exploited | Yes
Ransomware Use | Yes

Affected Versions

Vulnerable versions include VMware ESXi 6.0 and various Horizon DaaS updates from version 8.0.0 up to, but not including, 9.0.0. Organizations using these versions should ensure they have the latest patches applied.

Mitigation & Remediation

Organizations should apply updates per vendor instructions to mitigate this vulnerability. If a patch is unavailable, consider implementing network segmentation to restrict access to the affected services. Additionally, monitor for any suspicious activities related to OpenSLP services.

To validate fixes, organizations should consider continuous penetration testing to ensure no similar weaknesses remain.

Detection Guidance

Organizations should monitor logs for any indications of unusual behavior in OpenSLP services. Behavioral anomalies might indicate an ongoing exploitation attempt. Implementing network signatures to detect unauthorized access attempts can also be crucial.
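
As an added illustration (not vendor or AppSecure code), the following check scans flow or firewall records for traffic to the OpenSLP port 427 on ESXi hosts from sources outside the management network, which covers both the segmentation advice and the monitoring advice above. The log format, host addresses and management subnet are assumptions, and the sample records are constructed.

```python
import ipaddress

SLP_PORT = 427  # OpenSLP service port named in the advisory

# Assumed (hypothetical) environment: one management subnet, two ESXi hosts.
MGMT_NETS = [ipaddress.ip_network("10.10.0.0/24")]
ESXI_HOSTS = {ipaddress.ip_address("10.20.0.11"), ipaddress.ip_address("10.20.0.12")}

# Constructed sample records: "timestamp proto src sport dst dport action"
SAMPLE_FLOWS = """\
2024-01-01T10:00:01Z tcp 10.10.0.5 50122 10.20.0.11 427 allow
2024-01-01T10:00:03Z udp 192.0.2.44 40000 10.20.0.11 427 allow
2024-01-01T10:00:04Z tcp 192.0.2.44 40001 10.20.0.12 427 deny
2024-01-01T10:00:05Z tcp 192.0.2.44 40002 10.20.0.12 443 allow
2024-01-01T10:00:06Z tcp 198.51.100.7 51000 10.20.0.11 427 allow
malformed line here
2024-01-01T10:00:09Z tcp 192.0.2.44 40003 10.20.0.11 427 allow
"""

def parse_flow(line):
    """Parse one record; return None for malformed lines instead of raising."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, proto, src, _sport, dst, dport, action = parts
    try:
        return {"ts": ts, "proto": proto, "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst), "dport": int(dport), "action": action}
    except ValueError:
        return None

def find_slp_exposure(log_text, hosts=ESXI_HOSTS, mgmt_nets=MGMT_NETS):
    """Return flows to port 427 on ESXi hosts whose source is not a management address."""
    findings = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["dport"] != SLP_PORT or flow["dst"] not in hosts:
            continue
        if any(flow["src"] in net for net in mgmt_nets):
            continue
        findings.append(flow)
    return findings

def summarize(findings):
    """Per source: 'allow' marks a segmentation gap, 'deny' marks blocked attempts."""
    summary = {}
    for f in findings:
        counts = summary.setdefault(str(f["src"]), {"allow": 0, "deny": 0})
        if f["action"] in counts:
            counts[f["action"]] += 1
    return summary

if __name__ == "__main__":
    for src, counts in summarize(find_slp_exposure(SAMPLE_FLOWS)).items():
        print(src, counts)
```

Any source with a non-zero "allow" count is reaching OpenSLP from outside the management network and points to a rule that should be tightened until the host is patched.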

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2019-5544 lies in its potential to expose organizations to substantial risks, particularly in the context of increasing ransomware campaigns targeting vulnerabilities in widely used infrastructure services. Security teams should prioritize understanding and remediating similar vulnerabilities to enhance their overall security posture.

Incorporating lessons learned from this incident can help organizations develop a more robust defensive strategy. For further insights, organizations may consider implementing penetration testing methodology into their security frameworks.

Additionally, building a comprehensive vulnerability management program can further assist in addressing and mitigating such vulnerabilities effectively.

Lastly, consider engaging specialized red teaming services to simulate real-world attack scenarios, which can provide valuable insights into the effectiveness of current defenses.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
