Broadcom has patched three actively exploited zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion, discovered by Microsoft’s Threat Intelligence Center. The issues, which were being leveraged in real-world attacks at the time of discovery, could allow attackers with administrator or root access to a virtual machine to breach the underlying hypervisor, potentially exposing all associated VMs and sensitive data.
How do these vulnerabilities work?
If a threat actor gains administrative access to a virtual machine’s guest OS, they can escalate privileges and break into the hypervisor. Once inside, they could manipulate or access other virtual machines running on the same hypervisor, posing a significant security risk.
The three vulnerabilities are:
- CVE-2025-22224: A Time-of-Check Time-of-Use (TOCTOU) vulnerability in VMware ESXi and Workstation that could lead to an out-of-bounds write condition if an attacker already has admin privileges.
- CVE-2025-22225: An arbitrary write vulnerability in VMware ESXi.
- CVE-2025-22226: An information disclosure vulnerability in VMware ESXi, Workstation, and Fusion that could be used to leak memory.
To remediate the vulnerabilities, customers should apply the patches found in Broadcom’s notification. All versions of VMware ESX, VMware vSphere, VMware Cloud Foundation, or VMware Telco Cloud Platform are affected, except those with the latest update.
Which products are affected?
The following products are affected by all three CVEs (via Rapid7):
- Broadcom VMware ESXi 7.0 and 8.0.
- Broadcom VMware Cloud Foundation 4.5.x and 5.x.
- Broadcom VMware Telco Cloud Platform 5.x, 4.x, 3.x, and 2.x.
- Broadcom VMware Telco Cloud Infrastructure 3.x and 2.x.
The following product is vulnerable to CVE-2025-22224 and CVE-2025-22226 specifically:
- Broadcom VMware Workstation 17.x.
The following product is vulnerable to CVE-2025-22226 specifically:
- Broadcom VMware Fusion 13.x.
VMware’s Live Patch feature will not apply the patches automatically in this case.
VMware Cloud Foundation Operations, Automation, Aria Suite, and VMware NSX are not affected.
Last year, VMware ESXi servers were hit by a double-extortion ransomware variant, with the threat actors impersonating a real organization.