Detections
Analytics
CVE-2025-22224
critical
Description
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
From the Tenable Blog
CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited
Published: 2025-03-04
Broadcom published an advisory for three flaws in several VMware products that were exploited in the wild as zero-days. Organizations are advised to apply the available patches.
References
https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-02
https://blog.talosintelligence.com/patch-it-up-old-vulnerabilities-are-everyones-problems/
https://cloud.google.com/support/bulletins/index#gcp-2025-011
https://www.databreachtoday.com/broadcom-patches-actively-exploited-zero-days-in-vmware-esxi-a-27647
https://www.theregister.com/2025/03/04/vmware_plugs_three_hypervisorhijack_holes/
https://www.securityweek.com/broadcom-patches-3-vmware-zero-days-exploited-in-the-wild/
https://www.infosecurity-magazine.com/news/vmware-patch-exploited-zero-day/
https://www.darkreading.com/vulnerabilities-threats/vmware-zero-day-bugs-sandbox-escape
https://therecord.media/vmware-exploited-vulnerabilities-esxi-workstation-fusion
https://thehackernews.com/2025/03/vmware-security-flaws-exploited-in.html