Broadcom patchrated three vulnerabilities to zero days actively in Vmware ESXI, Workstation and Fusion, found by the Microsoft Threat Intelligence Center. The defects, which have been exploited in assaults of the true world on the time of the invention, may permit attackers with the administrator or entry to the foundation to a digital machine to violate the underlying hypervisor, doubtlessly exposing all linked VMs and delicate knowledge.
How do these vulnerabilities work?
If a menace actor will get administrative entry to the working system visitor of a digital machine, he can intensify privileges and enter the Hypervisor. Once inside, they may manipulate or entry different digital machines operating on Hypervisor himself, inserting a major threat for security.
The three vulnerabilities are:
- CVE-2025-22224: A vulnerability of the time management time (Toctu) in VMware ESXI and Workstation which may result in an out of restrict writing situation if an attacker already has administration privileges.
- CVE-2025-22225: A vulnerability of arbitrary writing in VMware ESXI.
- CVE-2025-22226: A vulnerability of dissemination of knowledge in VMware ESXI, Workstation and Fusion that may very well be used to lose reminiscence.
To resolve vulnerabilities, prospects ought to apply the patches present in Broadcom notification. All variations of VMware ESX, VMware VSPhere, VMware Cloud Foundation or VMware Telco Cloud Platform have an interest, aside from these with the brand new replace.
SEE: Google Chrome’s passage to Manifest V3 Continue to interrupt adverts blocking comparable to Ublock Origin.
Which merchandise have an interest?
The following merchandise are influenced by all three CVE (via rapid7)
- Broadcom VMware ESXI 7.0 and eight.0.
- Broadcom VMware Cloud Foundation 4.5.XE 5.X.
- Cloud platform Telco VMware Broadcom 5.x, 4.X, 3.XE 2.X.
- Broadcom VMware Telco Cloud Infrastructure 3.XE 2.X.
The following product is susceptible to CVE-2025-22224 and CVE-2025-22226 specifically:
- Broadcom VMware Workstation 17.x.
The following product is susceptible to CVE-2025-22226 specifically:
- Broadcom VMware Fusion 13.x.
VMware’s stay patch perform is not going to mechanically apply patches on this case.
VMware Cloud Foundation Operations, Automation, Air Suite and VMware NSX will not be .
Last 12 months, ESXI VMware servers have been affected by a variant of double extortion ransomware, with the actors of the threats that impersonate an actual group.
