Attacks Target VMware ESXi Security Vulnerabilities


Broadcom has released security updates to fix three critical vulnerabilities in VMware ESXi, Workstation, and Fusion products. These vulnerabilities are being actively exploited and could lead to unauthorized code execution or information leakage.

List of Security Vulnerabilities:

| CVE | CVSS Score | Description of Vulnerability | Impact |
| --- | --- | --- | --- |
| CVE-2025-22224 | 9.3 (Critical) | TOCTOU (Time-of-Check Time-of-Use) vulnerability causes out-of-bounds write. | An attacker with administrative privileges on a virtual machine can execute code with the privileges of the VMX process on the host. |
| CVE-2025-22225 | 8.2 (Important) | Arbitrary write vulnerability, which can lead to sandbox escape exploitation. | An attacker with access to the VMX process can write to the kernel, leading to an escape from the virtualization environment. |
| CVE-2025-22226 | 7.1 (Important) | Out-of-bounds read vulnerability in HGFS. | An attacker with administrative privileges on a virtual machine can leak data from the VMX process. |

Affected Versions:

  • VMware ESXi 8.0

  • VMware ESXi 7.0

  • VMware Workstation 17.x

  • VMware Fusion 13.x

  • VMware Cloud Foundation 5.x

  • VMware Cloud Foundation 4.x

  • VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x

  • VMware Telco Cloud Infrastructure 3.x, 2.x

Broadcom confirmed that they have "information indicating these vulnerabilities have been exploited in the wild." However, the company did not provide further details about the attack methods or the identities of the threat actors involved.

Patch and Mitigation Measures

| Product | Affected Versions | CVE | Fixed Version |
| --- | --- | --- | --- |
| VMware ESXi | 8.0 | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | ESXi80U3d-24585383, ESXi80U2d-24585300 |
| VMware ESXi | 7.0 | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | ESXi70U3s-24585291 |
| VMware Workstation | 17.x | CVE-2025-22224, CVE-2025-22226 | 17.6.3 |
| VMware Fusion | 13.x | CVE-2025-22226 | 13.6.3 |
| VMware Cloud Foundation | 5.x, 4.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | Async patch ESXi80U3d-24585383 / ESXi70U3s-24585291 |
| VMware Telco Cloud Platform | 5.x, 4.x, 3.x, 2.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | KB389385 |

These vulnerabilities were discovered and reported by the Microsoft Threat Intelligence Center. Since they are being actively exploited, users are advised to update to the latest patches immediately to ensure system security. 🚨
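As an added example (not from the original post or from Broadcom), the Python check below compares version strings collected from an inventory against the fixed builds listed in the patch table. The version-string shapes, the `assess` function and the sample inventory are assumptions constructed for illustration.

```python
import re

# Fixed builds and versions copied from the patch table on this page.
ESXI_FIXED = {("8.0", 3): 24585383,   # ESXi80U3d
              ("8.0", 2): 24585300,   # ESXi80U2d
              ("7.0", 3): 24585291}   # ESXi70U3s
DESKTOP_FIXED = {"Workstation": (17, 6, 3), "Fusion": (13, 6, 3)}

# Assumed string shapes: "VMware ESXi 8.0.3 build-24022510", "VMware Fusion 13.6.2".
ESXI_RE = re.compile(r"VMware ESXi (\d+\.\d+)\.(\d+) build-(\d+)")
DESKTOP_RE = re.compile(r"VMware (Workstation|Fusion)\D*(\d+)\.(\d+)\.(\d+)")


def assess(line):
    """Classify one version string as PATCHED, VULNERABLE or UNKNOWN."""
    m = ESXI_RE.search(line)
    if m:
        release, update, build = m.group(1), int(m.group(2)), int(m.group(3))
        listed = [u for (r, u) in ESXI_FIXED if r == release]
        if not listed:
            return "UNKNOWN"          # release not covered by the table
        fixed = ESXI_FIXED.get((release, update))
        if fixed is None:
            # Older update lines have no fix listed; newer ones are not on the page.
            return "VULNERABLE" if update < min(listed) else "UNKNOWN"
        # Assumption: patches on one update line are cumulative, so a build
        # number at or above the fixed build contains the fix.
        return "PATCHED" if build >= fixed else "VULNERABLE"
    m = DESKTOP_RE.search(line)
    if m:
        product, version = m.group(1), tuple(int(x) for x in m.group(2, 3, 4))
        fixed = DESKTOP_FIXED[product]
        if version[0] != fixed[0]:
            return "UNKNOWN"          # only 17.x / 13.x are listed as affected
        return "PATCHED" if version >= fixed else "VULNERABLE"
    return "UNKNOWN"


# Constructed inventory (hostnames and pre-patch build numbers are made up).
INVENTORY = {
    "esx-a": "VMware ESXi 8.0.3 build-24585383",
    "esx-b": "VMware ESXi 8.0.2 build-20000000",
    "esx-c": "VMware ESXi 7.0.3 build-24585291",
    "esx-d": "VMware ESXi 8.0.1 build-20000001",
    "lab-ws": "VMware Workstation 17.6.2 build-20000002",
    "mac-01": "VMware Fusion 13.6.3",
}

if __name__ == "__main__":
    for host, line in INVENTORY.items():
        print(f"{host:8} {assess(line):11} {line}")
```

Builds are compared per update line, so an 8.0 Update 3 host is measured against the U3d build even if its build number already exceeds the U2d one.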

References

  1. VMware Security Flaws Exploited in the Wild: Broadcom Releases Urgent Patches - https://thehackernews.com/2025/03/vmware-security-flaws-exploited-in.html

  2. VMSA-2025-0004: VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) - https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
