Tech and AICritical Zero-Day Vulnerabilities Found in These VMware Products

Critical Zero-Day Vulnerabilities Found in These VMware Products

-


Broadcom has patched three actively exploited zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion, discovered by Microsoft’s Threat Intelligence Center. The flaws, which were being leveraged in real-world attacks at the time of discovery, could allow attackers with administrator or root access to a virtual machine to breach the underlying hypervisor, potentially exposing all connected VMs and sensitive data.

How do these vulnerabilities work?

If a threat actor gains administrative access to a virtual machine’s guest OS, they can escalate privileges and break into the hypervisor. Once inside, they could manipulate or access other virtual machines running on the same hypervisor, posing a significant security risk.

The three vulnerabilities are:

  • CVE-2025-22224: A Time-of-Check Time-of-Use (TOCTOU) vulnerability in VMware ESXi and Workstation which can lead to an out-of-bounds write condition if an attacker already has admin privileges.
  • CVE-2025-22225: An arbitrary write vulnerability in VMware ESXi.
  • CVE-2025-22226: An information disclosure vulnerability in VMware ESXi, Workstation, and Fusion that could be used to leak memory.

To remediate the vulnerabilities, customers should apply the patches found in Broadcom’s notification. All versions of VMware ESX, VMware vSphere, VMware Cloud Foundation, or VMware Telco Cloud Platform are affected, except those with the newest update.

SEE: Google Chrome’s switch to Manifest V3 continues to break ad blockers such as uBlock Origin.

Which products are affected?

The following products are affected by all three CVEs (via Rapid7):

  • Broadcom VMware ESXi 7.0 and 8.0.
  • Broadcom VMware Cloud Foundation 4.5.x and 5.x.
  • Broadcom VMware Telco Cloud Platform 5.x, 4.x, 3.x, and 2.x.
  • Broadcom VMware Telco Cloud Infrastructure 3.x and 2.x.

The following product is vulnerable to CVE-2025-22224 and CVE-2025-22226 specifically:

  • Broadcom VMware Workstation 17.x.

The following product is vulnerable to CVE-2025-22226 specifically:

  • Broadcom VMware Fusion 13.x.

VMware’s Live Patch feature will not apply the patches automatically in this case.

VMware Cloud Foundation Operations, Automation, Aria Suite, and VMware NSX are not affected.

Last year, VMware ESXi servers were hit by a double-extortion ransomware variant, with the threat actors impersonating a real organization.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

Pi Network Price Rebounds, Sparking Optimism Among Crypto Traders

The Pi Network price just bounced back 28%—enough to put it back on the radar. After a rough drop,...

Sarah Tavel, Benchmark’s first woman GP, transitions to venture partner

Eight years after joining Benchmark as the firm’s first woman general partner, Sarah Tavel announced on X that...

Green Bitcoin? Over 52% of Mining Now Uses Sustainable Energy

The latest Cambridge Centre for Alternative Finance report confirms the United States and Canada dominate global bitcoin mining,...

FTX Sues NFT Stars and Delysium Over Undelivered Tokens

FTX has initiated legal proceedings against NFT Stars Limited and Delysium, seeking to recover digital assets allegedly withheld...

Advertisement

Ripple CEO Eyes SWIFT’s Share—How High Can XRP Price Go?

Ripple CEO Brad Garlinghouse highlighted the potential to revolutionize the cross-border payments market, valued at hundreds of trillions...

Must read

Pi Network Price Rebounds, Sparking Optimism Among Crypto Traders

The Pi Network price just bounced back 28%—enough...

Sarah Tavel, Benchmark’s first woman GP, transitions to venture partner

Eight years after joining Benchmark as the firm’s...

You might also likeRELATED
Recommended to you