The host is installed with VMware Fusion 11.x before 11.0.3 and is prone to a missing authentication for critical function vulnerability. A flaw is present in the application, which fails to properly handle issues in the unauthenticated APIs. On successful exploitation, an attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed.