Three Critical Vulnerabilities Affecting VMware Products
Broadcom, the parent company of VMware, has released security updates for multiple vulnerabilities affecting VMware ESXi, Workstation, Fusion, and the products that bundle them. The three issues, CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, carry CVSS v3 base scores from 7.1 to 9.3. All three are reachable from inside a guest by an attacker who already holds administrative privileges in that guest, and the most severe one is confirmed to be exploited in the wild, so administrators should treat patching as immediate work.
Details of the Vulnerabilities
- CVE-2025-22224: VMCI heap-overflow vulnerability (Critical, CVSS 9.3)
  - A Time-of-Check Time-of-Use (TOCTOU) race in the Virtual Machine Communication Interface (VMCI) leads to an out-of-bounds write in the VMX process of VMware ESXi and Workstation.
  - Impact: a malicious actor with local administrative privileges inside a virtual machine can execute code as that virtual machine's VMX process on the host, i.e. a guest-to-host escape. Administrative access in the guest is the only precondition; no host credentials are needed.
  - Confirmed exploitation: Broadcom has acknowledged that this vulnerability has been exploited in the wild.
- CVE-2025-22225: Arbitrary write vulnerability in VMware ESXi (Important, CVSS 8.2)
  - A malicious actor who already has privileges within the VMX process can trigger an arbitrary kernel write, escaping the VMX sandbox into the ESXi hypervisor kernel.
  - Impact: elevated privileges and compromise of the host. Because its precondition is code execution inside VMX, this bug is the natural second stage after CVE-2025-22224: the VMCI bug takes an attacker from guest to VMX, this one from VMX to the hypervisor.
- CVE-2025-22226: HGFS information-disclosure vulnerability (Important, CVSS 7.1)
  - An out-of-bounds read in the Host-Guest File System (HGFS, the shared-folders mechanism) lets an attacker leak memory from the VMX process.
  - Impact: an attacker with administrative privileges inside a virtual machine can read VMX memory, disclosing sensitive data and, in practice, the memory layout information that makes exploitation of the memory-corruption bugs reliable.
Affected Products and Fixed Versions
| VMware Product | Affected Versions | CVE | Severity | Fixed Version |
|---|---|---|---|---|
| VMware ESXi | 8.0, 7.0 | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | Critical | ESXi80U3d-24585383, ESXi80U2d-24585300, ESXi70U3s-24585291 |
| VMware Workstation | 17.x | CVE-2025-22224, CVE-2025-22226 | Critical | 17.6.3 |
| VMware Fusion | 13.x | CVE-2025-22226 | Important | 13.6.3 |
| VMware Cloud Foundation | 5.x, 4.5.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | Critical | Async patch (KB88287) |
| VMware Telco Cloud Platform | 5.x, 4.x, 3.x, 2.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | Critical | KB389385 |
No Workarounds Available – Patching is Mandatory
VMware has stated that no workarounds exist for these vulnerabilities. The only precondition for exploitation is administrative access inside a guest, so any host that runs virtual machines whose administrators are not fully trusted (multi-tenant hosts, lab environments, VDI, guests exposed to the internet) is exposed right now. Organizations using affected VMware products must apply the security patches as soon as possible; restricting guest administrator accounts reduces exposure but does not remove it.
How to Apply the Fix
- Identify every affected VMware product and version in your environment, including ESXi hosts managed through Cloud Foundation or Telco Cloud Platform, and desktop hypervisors (Workstation, Fusion) installed on administrator workstations.
- Download the relevant patches from the Broadcom support portal, which now hosts VMware downloads, and verify the build numbers against the advisory before deploying.
- Apply the update following VMware's documentation. ESXi patches require the host to enter maintenance mode and reboot, so plan for VM migration or downtime; Workstation and Fusion are fixed by installing the fixed release. For Cloud Foundation and Telco Cloud deployments, use the async patch process in the referenced KB so the bundle remains supported.
- After patching, confirm the running build (for example with `esxcli system version get` on ESXi, or the product's About dialog on Workstation and Fusion) is at or above the fixed build; a downloaded but unapplied patch changes nothing.
- Review host and guest logs for signs of earlier exploitation. Exploitation starts from an already-privileged guest, so a guest compromised before the patch may already have escaped to the host, and patching does not evict an attacker who is already on the hypervisor; treat such hosts as incident-response cases rather than routine maintenance.
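The version check in the procedure above, written out as an added example (it is not code from this page or from Broadcom/VMware): a Python script that takes the text of `esxcli system version get` for ESXi, or a product name and version string for Workstation and Fusion, and compares it with the fixed builds in the table. The fixed build numbers are the ones from the table, plus ESXi80U2d-24585300, which VMSA-2025-0004 lists for the ESXi 8.0 Update 2 line. The script assumes ESXi patch builds increase monotonically within an update line, and the sample command output is constructed to mimic the field layout of `esxcli system version get`; it is not from a real host.

```python
"""Compare VMware ESXi / Workstation / Fusion installs with the VMSA-2025-0004 fixed builds.

Added example for this page; not Broadcom or VMware code. Fixed builds are the
ones in the table above plus ESXi80U2d-24585300 (listed in the advisory for the
ESXi 8.0 Update 2 line). The sample command output further down is constructed
and only mimics the field layout of `esxcli system version get`.
"""
import re
from typing import Dict, Tuple

# Minimum fixed build per (ESXi version line, update number). Patch builds within
# one update line increase monotonically, so ">= fixed build" means "patched".
ESXI_FIXED_BUILDS: Dict[Tuple[str, int], int] = {
    ("7.0", 3): 24585291,   # ESXi70U3s-24585291
    ("8.0", 2): 24585300,   # ESXi80U2d-24585300
    ("8.0", 3): 24585383,   # ESXi80U3d-24585383
}
ESXI_LINES = {line for line, _ in ESXI_FIXED_BUILDS}

# First fixed release of the desktop hypervisors, as (major, minor, patch).
DESKTOP_FIXED_VERSIONS: Dict[str, Tuple[int, int, int]] = {
    "Workstation": (17, 6, 3),
    "Fusion": (13, 6, 3),
}


def parse_esxcli_version(output: str) -> Tuple[str, int, int]:
    """Return (version, update, build) from `esxcli system version get` text."""
    version = re.search(r"Version:\s*(\d+\.\d+\.\d+)", output)
    update = re.search(r"Update:\s*(\d+)", output)
    build = re.search(r"Build:\s*(?:Releasebuild-)?(\d+)", output)
    if not (version and update and build):
        raise ValueError("unrecognised esxcli output")
    return version.group(1), int(update.group(1)), int(build.group(1))


def assess_esxi(version: str, update: int, build: int) -> Tuple[bool, str]:
    """Decide whether an ESXi host is on a fixed build for VMSA-2025-0004."""
    line = ".".join(version.split(".")[:2])          # "8.0.3" -> "8.0"
    if line not in ESXI_LINES:
        return False, f"ESXi {version} is not in the fixed-version table; move to a supported, fixed release"
    fixed = ESXI_FIXED_BUILDS.get((line, update))
    if fixed is None:
        # e.g. 8.0 GA / U1 or 7.0 U2: no patch on that line, must move to U2d/U3d or U3s
        return False, f"ESXi {line} Update {update} has no fixed build; upgrade to a fixed update line"
    if build >= fixed:
        return True, f"build {build} is at or above fixed build {fixed}"
    return False, f"build {build} is below fixed build {fixed}; patch required"


def assess_desktop(product: str, version: str) -> Tuple[bool, str]:
    """Decide whether a Workstation or Fusion install is at or above the fixed release."""
    needed = DESKTOP_FIXED_VERSIONS[product]
    parts = tuple(int(p) for p in version.split("."))
    if parts[0] != needed[0]:
        return False, f"{product} {version} is not a {needed[0]}.x release covered by the table"
    wanted = ".".join(map(str, needed))
    if parts >= needed:                               # tuple comparison: 17.6.2 < 17.6.3
        return True, f"{product} {version} is at or above {wanted}"
    return False, f"{product} {version} is below {wanted}; update required"


def check_esxi_output(output: str) -> Tuple[bool, str]:
    """Convenience wrapper: raw esxcli text in, (patched?, reason) out."""
    return assess_esxi(*parse_esxcli_version(output))


# Constructed sample, shaped like `esxcli system version get` on an unpatched 8.0 U3 host.
SAMPLE_ESXCLI_OUTPUT = """\
   Product: VMware ESXi
   Version: 8.0.3
   Build: Releasebuild-24414501
   Update: 3
   Patch: 0
"""

if __name__ == "__main__":
    print(check_esxi_output(SAMPLE_ESXCLI_OUTPUT))
    print(assess_desktop("Workstation", "17.6.2"))
    print(assess_desktop("Fusion", "13.6.3"))
```

To run it across a fleet, collect `esxcli system version get` output over SSH or PowerCLI from each host and feed each capture to `check_esxi_output`; a host on an update line with no fixed build (ESXi 8.0 GA, 8.0 U1, 7.0 U2) is reported as unpatched on purpose, since the only remedy there is to move to a fixed update line.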
Urgency of the Update
These vulnerabilities are serious, and CVE-2025-22224 is already being exploited in real-world attacks. An attacker who holds administrative rights in a single guest can use the VMCI bug to reach the host's VMX process and, on ESXi, the arbitrary kernel write to take over the hypervisor and every other virtual machine on it. Organizations that rely on VMware ESXi, Workstation, and Fusion for virtualization should prioritize patching ahead of other maintenance to prevent such breaches.
For more information and the official advisory, see VMware Security Advisory VMSA-2025-0004.