
Broadcom, the parent company of VMware, has released a critical security advisory (VMSA-2025-0004) detailing multiple vulnerabilities affecting VMware ESXi, Workstation, and Fusion. The advisory warns that these flaws—CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226—pose serious security risks, with some already being exploited in the wild.
The most severe vulnerability (CVE-2025-22224, CVSS 9.3) is a critical heap-overflow flaw in VMCI that could allow a local attacker with administrative privileges on a virtual machine to execute code as the virtual machine’s VMX process running on the host.
Another critical vulnerability (CVE-2025-22225, CVSS 8.2) exists in ESXi and could allow an attacker with privileges within the VMX process to trigger an arbitrary kernel write, leading to sandbox escape.
Additionally, an important vulnerability (CVE-2025-22226, CVSS 7.1) in HGFS could allow an attacker with administrative privileges on a virtual machine to leak memory from the VMX process.
Worryingly, VMware has confirmed that there are reports of active exploitation in the wild for all three vulnerabilities.
The vulnerabilities impact a wide range of VMware products, including:
- VMware ESXi (Versions 7.0 and 8.0)
- VMware Workstation Pro and Player (Version 17.x)
- VMware Fusion (Version 13.x)
- VMware Cloud Foundation (Versions 4.5.x and 5.x)
- VMware Telco Cloud Platform
Broadcom has explicitly stated that no workarounds exist for these vulnerabilities. Users and organizations must apply the necessary patches as soon as possible.
VMware urges users to apply the patches provided in the advisory’s Response Matrix immediately. The patches address the vulnerabilities by fixing the out-of-bounds write in VMCI, the arbitrary write in ESXi, and the out-of-bounds read in HGFS.
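Because the advisory lists affected products only by version branch and offers no workaround, the practical first step is an inventory triage: which hosts and workstations fall inside the affected branches, and which have already been moved to a fixed build. The script below is an added example written for this summary, not code from Broadcom or the advisory. It hard-codes the affected branches named above, reads a constructed comma-separated inventory, and flags each entry; the fixed build numbers come from the advisory's Response Matrix, which this page does not reproduce, so `FIXED_BUILDS` is an assumed, empty placeholder that must be filled before any entry can be reported as patched.

```python
"""Triage a VMware inventory against the affected branches in VMSA-2025-0004.

Added example for this summary; not part of the advisory. The inventory
below is constructed sample data and the build numbers in it are made up.
"""
from dataclasses import dataclass
from typing import Optional

# Affected branches as listed in the advisory summary, as dotted prefixes.
# An empty prefix means the product is listed without a version qualifier.
AFFECTED_BRANCHES = {
    "ESXi": ["7.0", "8.0"],
    "Workstation": ["17"],          # covers Workstation Pro and Player 17.x
    "Fusion": ["13"],
    "Cloud Foundation": ["4.5", "5"],
    "Telco Cloud Platform": [""],
}

# Assumed placeholder: fill from the Response Matrix (product -> first fixed
# build). Left empty here because the fixed builds are not on this page.
FIXED_BUILDS: dict = {}


@dataclass
class Finding:
    host: str
    product: str
    version: str
    build: Optional[int]
    status: str  # "affected", "patched" or "not-listed"


def in_branch(version: str, branch: str) -> bool:
    """True if dotted `version` lies within dotted `branch` ('8.0.3' in '8.0')."""
    if branch == "":
        return True
    parts, prefix = version.split("."), branch.split(".")
    return parts[: len(prefix)] == prefix


def assess(line: str, fixed_builds: Optional[dict] = None) -> Finding:
    """Classify one 'host, product, version, build' inventory line."""
    fixed = FIXED_BUILDS if fixed_builds is None else fixed_builds
    host, product, version, build = [f.strip() for f in line.split(",")]
    build_num = int(build) if build.isdigit() else None
    branches = AFFECTED_BRANCHES.get(product)
    if branches is None or not any(in_branch(version, b) for b in branches):
        status = "not-listed"
    elif build_num is not None and product in fixed and build_num >= fixed[product]:
        status = "patched"
    else:
        # In scope and no evidence of a fixed build: treat as affected.
        status = "affected"
    return Finding(host, product, version, build_num, status)


def triage(inventory: str, fixed_builds: Optional[dict] = None) -> list:
    """Assess every non-comment, non-empty line of the inventory text."""
    return [
        assess(line, fixed_builds)
        for line in inventory.strip().splitlines()
        if line.strip() and not line.lstrip().startswith("#")
    ]


# Constructed sample inventory; hostnames and build numbers are made up.
SAMPLE_INVENTORY = """
# host, product, version, build
esx-01, ESXi, 8.0.3, 120
esx-02, ESXi, 7.0.3, 110
esx-03, ESXi, 6.7.0, 90
ws-dev, Workstation, 17.6.2, 170
mac-01, Fusion, 13.6.2, 130
vcf-01, Cloud Foundation, 5.2.1, 50
lab-01, Workstation, 16.2.5, 160
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f.host:8} {f.product:18} {f.version:8} {f.status}")
```

With `FIXED_BUILDS` empty, every in-scope entry is reported as affected, which is the conservative reading of an advisory that states no workaround exists; once the fixed build per product is entered, entries at or above it flip to patched and the remaining list is the set of systems still to update.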