Three Critical Vulnerabilities Detected in VMware Products
Broadcom, VMware’s parent company, has released critical security updates to address multiple vulnerabilities in VMware ESXi, Workstation, Fusion, and other solutions. The vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have a severity rating between 7.1 and 9.3 on the CVSSv3 scale, and it is strongly recommended to apply the patches immediately to avoid security risks.
Vulnerability Descriptions
1. CVE-2025-22224: Memory Overflow Vulnerability in VMCI (Critical – CVSS 9.3)
- Description: A Time-of-Check Time-of-Use (TOCTOU) race condition in the VMware ESXi VMCI (Virtual Machine Communication Interface) component that leads to an out-of-bounds memory write.
- Impact: An attacker with administrative privileges inside a virtual machine could execute arbitrary code in the host’s VMX process, potentially compromising the host system.
- Exploitation Confirmation: VMware has confirmed that this vulnerability has already been exploited in the wild.
2. CVE-2025-22225: Arbitrary Write Vulnerability in ESXi (Important – CVSS 8.2)
- Description: A flaw in VMware ESXi allows arbitrary writes to kernel memory.
- Impact: An attacker who already holds privileges within the VMX process could use this write primitive to execute malicious code, escape the virtual machine sandbox, and compromise the host.
3. CVE-2025-22226: Information Leak in HGFS (Important – CVSS 7.1)
- Description: A vulnerability in the VMware Host-Guest File System (HGFS) allows out-of-bounds memory reads.
- Impact: An attacker with administrative privileges inside a virtual machine could read sensitive information from the memory of the VMX process, creating a data leakage risk.
Affected Products and Fixed Versions
| VMware Product | Affected Versions | CVE | Severity | Fixed Version |
|---|---|---|---|---|
| VMware ESXi | 8.0, 7.0 | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | Critical | ESXi80U3d-24585383, ESXi70U3s-24585291 |
| VMware Workstation | 17.x | CVE-2025-22224, CVE-2025-22226 | Critical | 17.6.3 |
| VMware Fusion | 13.x | CVE-2025-22226 | Important | 13.6.3 |
| VMware Cloud Foundation | 5.x, 4.5.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | Critical | Asynchronous patch (KB88287) |
| VMware Telco Cloud Platform | 5.x, 4.x, 3.x, 2.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | Critical | KB389385 |
No Workarounds: Immediate Update Required
VMware has indicated that there are no temporary workarounds that mitigate these vulnerabilities. The only protection is to apply the security updates as soon as possible.
How to Apply the Update
- Identify the affected products and versions in your infrastructure.
- Download the security patches from the VMware support portal.
- Apply the updates following the official documentation.
- Restart the VMware services (or reboot the host where the patch requires it) and verify that the installed version matches the fixed version in the table above.
- Review system logs for signs of prior exploitation attempts.
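As an added example for the first and fourth steps (not part of the original article and not a VMware tool), the following Python script parses the output of `esxcli system version get` and compares a host's build number against the fixed builds listed in the table above; the sample output is constructed, and the check assumes that later builds within the same major version line (8.0 or 7.0) include the fix.

```python
import re

# Fixed ESXi builds from the advisory table, keyed by major version line.
FIXED_ESXI_BUILD = {"8.0": 24585383, "7.0": 24585291}
# Fixed desktop product versions from the advisory table.
FIXED_DESKTOP = {"VMware Workstation": (17, 6, 3), "VMware Fusion": (13, 6, 3)}

# Constructed sample of `esxcli system version get` output (not a real host).
SAMPLE_ESXCLI_OUTPUT = """\
   Product: VMware ESXi
   Version: 8.0.3
   Build: Releasebuild-24022510
   Update: 3
   Patch: 0
"""

def parse_esxcli_version(text):
    """Extract (version, build) from `esxcli system version get` output."""
    version = re.search(r"^\s*Version:\s*([\d.]+)", text, re.M)
    build = re.search(r"^\s*Build:\s*Releasebuild-(\d+)", text, re.M)
    if not version or not build:
        raise ValueError("unrecognised esxcli output")
    return version.group(1), int(build.group(1))

def esxi_is_patched(version, build):
    """True if this host's build is at or beyond the fixed build for its line.

    Assumption: build numbers within one major version line increase over time
    and later builds carry the fix; builds are never compared across lines.
    Returns None when the line is not covered by the advisory table.
    """
    line = ".".join(version.split(".")[:2])
    fixed = FIXED_ESXI_BUILD.get(line)
    return None if fixed is None else build >= fixed

def desktop_is_patched(product, version):
    """Compare a Workstation/Fusion version string against the fixed release."""
    parts = tuple(int(p) for p in version.split("."))
    return parts >= FIXED_DESKTOP[product]

if __name__ == "__main__":
    version, build = parse_esxcli_version(SAMPLE_ESXCLI_OUTPUT)
    print(version, build, esxi_is_patched(version, build))
    print(desktop_is_patched("VMware Fusion", "13.6.2"))
```

A `None` result means the host runs a version line the advisory table does not cover, which should be treated as a finding in its own right rather than as "patched".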
Priority Update Due to Confirmed Exploitation
Since at least one of these vulnerabilities is already being actively exploited, organizations running VMware ESXi, Workstation, or Fusion should prioritize applying the patches to prevent potential attacks.
For more information and access to the official documentation, see the VMware Security Advisory VMSA-2025-0004.
Source: System Administration news