CVE-2025-22226NVD

Vulnerability Summary

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Severity Level

HIGH(7.1)

Published Date

Mar 4, 2025

Last Modified

Mar 5, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-125: Out-of-bounds Read ↗

The software reads data past the end, or before the beginning, of the intended buffer.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityNone

AvailabilityNone

External References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-22226NVD

Vulnerability Summary

External References