Now a Broadcom company, VMware has released urgent security updates to address several high-severity vulnerabilities affecting its flagship virtualization products: VMware ESXi, Workstation, and Fusion.
The security advisory, identified as VMSA-2025-0004, details three distinct vulnerabilities—CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226—with CVSSv3 base scores ranging from 7.1 to 9.3, placing them in the “Critical” and “Important” severity categories.
The impacted products include:
- VMware ESXi (versions 7.0 and 8.0)
- VMware Workstation Pro/Player (17.x)
- VMware Fusion (13.x)
- VMware Cloud Foundation (4.5.x, 5.x)
- VMware Telco Cloud Platform and Infrastructure (multiple versions)
Technical Breakdown: CVE-2025-22224, CVE-2025-22225, CVE-2025-22226
CVE-2025-22224: VMCI Heap-Overflow (TOCTOU) Vulnerability
This vulnerability is caused by a Time-of-Check to Time-of-Use (TOCTOU) flaw in the Virtual Machine Communication Interface (VMCI).
It leads to an out-of-bounds write, which can be exploited by a malicious actor with local administrative privileges on a virtual machine.
Successful exploitation allows the attacker to execute arbitrary code as the VMX process on the host, potentially compromising the entire host system.
With a CVSSv3 score of 9.3, this is the most severe of the three vulnerabilities.
CVE-2025-22225: Arbitrary Write Vulnerability
Exclusive to VMware ESXi, this vulnerability allows a privileged attacker within the VMX process to trigger an arbitrary kernel write.
This could enable a sandbox escape, granting the attacker unauthorized access to the underlying host system. The issue is rated “Important” with a maximum CVSSv3 base score of 8.2.
CVE-2025-22226: HGFS Information Disclosure Vulnerability
Present in ESXi, Workstation, and Fusion, this flaw is due to an out-of-bounds read in the Host Guest File System (HGFS).
Attackers with administrative access to a virtual machine can exploit this to leak memory from the VMX process, potentially exposing sensitive data. The CVSSv3 score for this vulnerability is 7.1.
Response, Resolution, and Recommendations
All three vulnerabilities have been confirmed as exploited in the wild, heightening the urgency for customers to apply the available patches.
VMware has released fixed versions for each affected product, as detailed in their response matrix. For example, ESXi users should update to ESXi80U3d-24585383 or ESXi70U3s-24585291, while Workstation users should move to version 17.6.3 and Fusion users to 13.6.3.
There are currently no workarounds for these vulnerabilities.
VMware strongly urges all customers to consult the official documentation and apply the relevant patches immediately to mitigate risk.
Additional technical details and FAQs are available on VMware’s support portal.
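Because there is no workaround, the only remediation check that matters is whether each host or desktop hypervisor is already on a fixed build. The following script is an added example (not VMware's or Broadcom's code) that compares inventory version strings against the fixed builds and versions named above: ESXi build 24585383 for the 8.0 line, build 24585291 for the 7.0 line, Workstation 17.6.3 and Fusion 13.6.3. It assumes the ESXi version string has the shape printed by `vmware -v` on a host ("VMware ESXi 8.0.3 build-NNNNNNNN"); the inventory lines in the block are constructed samples. Since the article names only one fixed build per ESXi major line and the advisory's full response matrix may list fixed builds for other update lines, a build below the named one is reported as "not-confirmed-patched" rather than as definitively vulnerable, so that it is reviewed against the full matrix instead of being silently cleared.

```python
"""Patch-status check for VMSA-2025-0004 (example code, not VMware's).

Compares version strings from an inventory against the fixed builds and
versions named in the advisory summary above.
"""
import re

# Fixed ESXi builds named in the advisory text, keyed by major.minor line.
# ESXi build numbers increase monotonically over time, so any build at or
# above the named one on the same line was released with the fix.
ESXI_FIXED_BUILDS = {"7.0": 24585291, "8.0": 24585383}

# Minimum fixed versions for the desktop hypervisors (major, minor, patch).
DESKTOP_FIXED = {"workstation": (17, 6, 3), "fusion": (13, 6, 3)}

# Assumed shape of `vmware -v` output on an ESXi host:
#   "VMware ESXi 8.0.3 build-24585383"
ESXI_RE = re.compile(r"VMware ESXi (\d+)\.(\d+)(?:\.\d+)? build-(\d+)")

PATCHED = "patched"
NOT_CONFIRMED = "not-confirmed-patched"   # below the named build: review manually
NOT_IN_ADVISORY = "not-in-advisory"       # line not covered by the advisory text
UNKNOWN = "unknown"                       # version string did not parse


def esxi_status(version_line: str) -> str:
    """Classify one ESXi host from its `vmware -v` style version line."""
    m = ESXI_RE.search(version_line)
    if not m:
        return UNKNOWN
    line = f"{m.group(1)}.{m.group(2)}"
    build = int(m.group(3))
    fixed = ESXI_FIXED_BUILDS.get(line)
    if fixed is None:
        # e.g. ESXi 6.7: the advisory summary lists only 7.0 and 8.0.
        return NOT_IN_ADVISORY
    # A build below the named fix may still be a patched build from another
    # update line, so it is flagged for review rather than declared vulnerable.
    return PATCHED if build >= fixed else NOT_CONFIRMED


def desktop_status(product: str, version: str) -> str:
    """Classify a Workstation or Fusion install by dotted version string."""
    fixed = DESKTOP_FIXED.get(product.lower())
    if fixed is None:
        return NOT_IN_ADVISORY
    try:
        parsed = tuple(int(p) for p in version.strip().split("."))
    except ValueError:
        return UNKNOWN
    # Pad short versions ("17.6") so tuple comparison is well defined.
    parsed = parsed + (0,) * (len(fixed) - len(parsed))
    return PATCHED if parsed >= fixed else NOT_CONFIRMED


def check_inventory(entries):
    """entries: iterable of (hostname, product, version_string).

    Returns a dict hostname -> status so results can be reported or
    fed into a ticketing system.
    """
    results = {}
    for host, product, version in entries:
        if product.lower() == "esxi":
            results[host] = esxi_status(version)
        else:
            results[host] = desktop_status(product, version)
    return results


# Constructed sample inventory; build numbers other than the two named in
# the advisory are made up for illustration.
SAMPLE_INVENTORY = [
    ("esx-a", "esxi", "VMware ESXi 8.0.3 build-24585383"),
    ("esx-b", "esxi", "VMware ESXi 8.0.3 build-24000000"),
    ("esx-c", "esxi", "VMware ESXi 7.0.3 build-24585291"),
    ("esx-d", "esxi", "VMware ESXi 6.7.0 build-20000000"),
    ("lap-1", "workstation", "17.6.2"),
    ("lap-2", "workstation", "17.6.10"),
    ("mac-1", "fusion", "13.6.3"),
]

if __name__ == "__main__":
    for host, status in check_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

Anything reported as "not-confirmed-patched" or "not-in-advisory" should be compared against the response matrix in VMSA-2025-0004 itself before being closed out.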
Example CVE Code References
- CVE-2025-22224: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22224
- CVE-2025-22225: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22225
- CVE-2025-22226: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22226
Industry Impact and Acknowledgements
These vulnerabilities pose significant risks to organizations relying on VMware’s virtualization stack, particularly in cloud, enterprise, and telco environments.
The issues were reported by the Microsoft Threat Intelligence Center, and VMware has acknowledged that exploitation has already occurred in the wild.
Administrators are advised to monitor VMware’s security advisories and apply updates without delay to protect their infrastructure from potential compromise.
For further guidance, refer to VMware’s supplemental FAQ and official documentation.