The host is missing a critical security update according to advisory VMSA-2022-0033 and prone to a heap out-of-bounds write vulnerability. A flaw is present in the application, which fails to properly handle the USB 2.0 controller (EHCI). Successful exploitation allows an attacker with local administrative privileges on a virtual machine to exploit this issue to execute code as the virtual machine's VMX process running on the host.