CVE-2020-4006
ENISA EUVD: EUVD-2020-25271
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 3, 2026
5 articles
EPSS Score
Source: FIRST.org · 2026-05-24
This CVE has a 12.79% probability of being exploited in the next 30 days.
Top 94.1th percentile of all CVEs
CVSS v3.1: 9.1
Source: NVD
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Project Zero: Command injection
Affected Products
Attack Intelligence
Google Project Zero
Patched: Dec. 3, 2020
Reported by: National Security Agency
Root Cause Analysis: ???
VMware discloses critical zero-day vulnerability in Workspace One (BleepingComputer, Nov 23, 2020)
VMware fixes zero-day vulnerability reported by the NSA (BleepingComputer, Dec 04, 2020)
Security Advisory 2020-057 (CERT-EU, Nov 25, 2020)
Signal Intelligence
Confidence: 92%
EPSS: 12.79%
CVSS v3.1: 9.1
Mentions: 5
Last Seen: Dec 04, 2020
CNA Information
Analyst Note
CVE-2020-4006 is a critical command injection vulnerability (CVSS 9.1) affecting multiple VMware products, confirmed by official vendor documentation and validated through a CERT-EU security advisory. Google Project Zero's involvement and the widespread product impact across Access, Identity Manager, and Cloud Foundation components provide strong evidence of authenticity and severity.
Threat Actors 1
APT 29
apt_group
Information theft and espionage
🇷🇺 RU
Triage Info
Decided at: Mar 03, 2026