The root cause of the issue, tracked as CVE-2024-38811 (CVSS 8.8/10), is an insecure environment variable, VMware notes in an advisory. VMware Fusion contains a code execution vulnerability due to the usage of an insecure environment variable. VMware has evaluated the severity of this issue to be in the ‘Important’ severity range. According to VMware, the CVE-2024-38811 defect could be exploited to execute code in the context of Fusion, which could potentially lead to complete system compromise. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application, VMware says.