Cyber security news for all


    VMware Security Vulnerabilities Exploited—Broadcom Issues Critical Fixes

    In a move to counteract ongoing cyber threats, Broadcom has urgently rolled out security patches addressing three critical vulnerabilities actively exploited in VMware ESXi, Workstation, and Fusion. These flaws open the door to remote code execution and data leakage, posing a substantial risk to virtualized environments.

    Catalog of Exploited Weaknesses:

    • CVE-2025-22224 (CVSS 9.3): A Time-of-Check to Time-of-Use (TOCTOU) flaw facilitating an out-of-bounds write. A threat actor with administrative control over a virtual machine could exploit this to run arbitrary code within the VMX process on the host system.
    • CVE-2025-22225 (CVSS 8.2): A sandbox-escape vulnerability stemming from an arbitrary write weakness. If leveraged, an attacker inside the VMX process could breach containment and execute malicious actions.
    • CVE-2025-22226 (CVSS 7.1): An out-of-bounds read vulnerability in HGFS allowing an adversary with admin-level VM privileges to siphon memory data from the VMX process.

    Impacted VMware Releases & Patch Fixes:

    • VMware ESXi 8.0: Mitigated in ESXi80U3d-24585383, ESXi80U2d-24585300
    • VMware ESXi 7.0: Fixed in ESXi70U3s-24585291
    • VMware Workstation 17.x: Remediated in 17.6.3
    • VMware Fusion 13.x: Addressed in 13.6.3
    • VMware Cloud Foundation 5.x: Async patch via ESXi80U3d-24585383
    • VMware Cloud Foundation 4.x: Async patch via ESXi70U3s-24585291
    • VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x: Patched in ESXi 7.0U3s, ESXi 8.0U2d, ESXi 8.0U3d
    • VMware Telco Cloud Infrastructure 3.x, 2.x: Fixed in ESXi 7.0U3s
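
    The patch list above can be turned into an inventory check. This is an added example, not Broadcom's or the article's own code; the function names, the host names and the version-string formats (`VMware ESXi 8.0.3 build-N`, `VMware Workstation Pro 17.6.2`) are assumptions about how the inventory is collected.

```python
import re

# Fixed builds from the patch list above, keyed by (major, minor, update).
# Assumption: the third version component is the update level (8.0.3 = 8.0 U3).
FIXED_ESXI = {
    (8, 0, 3): 24585383,  # ESXi80U3d
    (8, 0, 2): 24585300,  # ESXi80U2d
    (7, 0, 3): 24585291,  # ESXi70U3s
}
FIXED_DESKTOP = {"Workstation": (17, 6, 3), "Fusion": (13, 6, 3)}

ESXI_RE = re.compile(r"VMware ESXi (\d+)\.(\d+)\.(\d+) build-(\d+)")
DESKTOP_RE = re.compile(r"VMware (Workstation|Fusion)\D*(\d+)\.(\d+)\.(\d+)")


def triage(version_line):
    """Classify one version string as 'patched', 'vulnerable' or 'review'."""
    m = ESXI_RE.search(version_line)
    if m:
        major, minor, update, build = map(int, m.groups())
        fixed = FIXED_ESXI.get((major, minor, update))
        if fixed is None:
            return "review"  # update line has no fixed build in the list
        # Assumption: build numbers only increase across later patches.
        return "patched" if build >= fixed else "vulnerable"
    m = DESKTOP_RE.search(version_line)
    if m:
        version = tuple(int(part) for part in m.groups()[1:])
        fixed = FIXED_DESKTOP[m.group(1)]
        if version[0] != fixed[0]:
            return "review"  # the list covers only 17.x and 13.x
        return "patched" if version >= fixed else "vulnerable"
    return "review"  # unparsed strings go to a human, never to 'patched'


# Constructed inventory: host names and unpatched build numbers are made up.
SAMPLE_INVENTORY = {
    "esx-a": "VMware ESXi 8.0.3 build-24585383",
    "esx-b": "VMware ESXi 8.0.2 build-23000000",
    "esx-c": "VMware ESXi 7.0.3 build-24585291",
    "esx-d": "VMware ESXi 8.0.1 build-22000000",
    "ws-1": "VMware Workstation Pro 17.6.2",
    "mac-1": "VMware Fusion 13.6.3",
}


def triage_inventory(inventory):
    return {host: triage(line) for host, line in inventory.items()}
```

    Hosts that come back as `review` are on a release line the list does not name and need a manual upgrade decision.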

    Exploitation Confirmed in the Wild

    Broadcom has acknowledged that these vulnerabilities have been exploited in real-world attacks, though it has not disclosed the attack methodology, the identity of the threat actors, or the operational impact. The company emphasized that administrators need to deploy the security patches immediately to neutralize the risk.

    The Microsoft Threat Intelligence Center has been credited with discovering and reporting these vulnerabilities. Given their active exploitation, organizations must act swiftly to fortify their virtual infrastructure against emerging threats.
