Broadcom has recently issued critical security updates addressing three significant vulnerabilities in VMware’s ESXi, Workstation, and Fusion products. These vulnerabilities, which are actively being exploited, could potentially allow attackers to execute arbitrary code or gain unauthorized access to sensitive information. This article breaks down the identified flaws, their severity, and the necessary actions for users to secure their systems.
The Vulnerabilities
Broadcom has identified three serious security vulnerabilities across
- CVE-2025-22224 (CVSS 9.3): A Time-of-Check Time-of-Use (TOCTOU) vulnerability allowing local attackers to execute code on the host system’s VMX process by exploiting an out-of-bounds write.
- CVE-2025-22225 (CVSS 8.2): An arbitrary write vulnerability in the VMX process, allowing attackers with privileges to break out of the sandbox.
- CVE-2025-22226 (CVSS 7.1): An information disclosure flaw due to an out-of-bounds read in the HGFS component, enabling attackers with administrative privileges to leak memory from the VMX process.
These flaws affect various versions of VMware products, and patches have been issued to address them. Broadcom also acknowledged that these vulnerabilities are actively exploited in the wild, but the specifics of the attacks and the identity of the threat actors remain unclear.
Impacted Versions
The vulnerabilities impact the following VMware products:
- VMware ESXi 8.0 – Fixed in ESXi80U3d-24585383 and ESXi80U2d-24585300
- VMware ESXi 7.0 – Fixed in ESXi70U3s-24585291
- VMware Workstation 17.x – Fixed in 17.6.3
- VMware Fusion 13.x – Fixed in 13.6.3
- VMware Cloud Foundation 5.x – Fixed in ESXi80U3d-24585383
- VMware Telco Cloud Platform – Fixed across multiple versions, including ESXi 8.0U3d and ESXi 7.0U3s
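As an added example (not part of the original article or of any Broadcom tooling), the script below turns the ESXi fixed-build list above into a quick patch-status check. It assumes the input is the key/value output of `esxcli system version get`; the sample outputs embedded in it are constructed for illustration, not captured from real hosts. Only the ESXi build numbers from the list are encoded; Workstation and Fusion are versioned differently and are not covered.

```python
"""Check an ESXi host's reported build against the fixed builds listed
in the advisory summary for CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226.

Assumption (not from the article): the input is the key/value output of
`esxcli system version get`. The sample outputs below are constructed.
"""
import re

# Fixed builds exactly as listed in the "Impacted Versions" section,
# keyed by (major.minor version, update number).
FIXED_BUILDS = {
    ("8.0", 3): 24585383,  # ESXi80U3d-24585383
    ("8.0", 2): 24585300,  # ESXi80U2d-24585300
    ("7.0", 3): 24585291,  # ESXi70U3s-24585291
}


def parse_esxcli_version(output: str) -> dict:
    """Extract major.minor version, update number and build number
    from esxcli-style 'Key: value' lines."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    version = fields.get("version", "")
    major_minor = ".".join(version.split(".")[:2])
    # Build is reported as e.g. "Releasebuild-24585383"; keep the trailing digits.
    build_match = re.search(r"(\d+)\s*$", fields.get("build", ""))
    if not build_match or not major_minor:
        raise ValueError("could not parse Version/Build from esxcli output")
    update_str = fields.get("update", "0")
    update = int(update_str) if update_str.isdigit() else 0
    return {"major_minor": major_minor, "update": update,
            "build": int(build_match.group(1))}


def assess_host(output: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown-branch'.

    The fixed build differs per (version, update) line, so the build is
    only compared against the fix for the host's own line; for a line
    that is not in the list the caller should consult the vendor advisory.
    """
    info = parse_esxcli_version(output)
    fixed = FIXED_BUILDS.get((info["major_minor"], info["update"]))
    if fixed is None:
        return "unknown-branch"
    return "patched" if info["build"] >= fixed else "vulnerable"


# Constructed sample outputs in the shape of `esxcli system version get`.
SAMPLE_80U3_FIXED = """\
   Product: VMware ESXi
   Version: 8.0.3
   Build: Releasebuild-24585383
   Update: 3
   Patch: 0
"""

SAMPLE_80U3_OLD = """\
   Product: VMware ESXi
   Version: 8.0.3
   Build: Releasebuild-24022510
   Update: 3
   Patch: 0
"""

SAMPLE_70U3_FIXED = """\
   Product: VMware ESXi
   Version: 7.0.3
   Build: Releasebuild-24585291
   Update: 3
   Patch: 0
"""

SAMPLE_80U1 = """\
   Product: VMware ESXi
   Version: 8.0.1
   Build: Releasebuild-21495797
   Update: 1
   Patch: 0
"""

if __name__ == "__main__":
    for name, sample in [("8.0 U3 fixed", SAMPLE_80U3_FIXED),
                         ("8.0 U3 old", SAMPLE_80U3_OLD),
                         ("7.0 U3 fixed", SAMPLE_70U3_FIXED),
                         ("8.0 U1", SAMPLE_80U1)]:
        print(f"{name}: {assess_host(sample)}")
```

In practice the output of `esxcli system version get` would be collected from each host (for example over SSH or via a PowerCLI `Get-EsxCli` session) and fed to `assess_host`; an `unknown-branch` result means the host runs an update line that the list above does not name, which should be checked against the full advisory rather than assumed safe.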
Broadcom credits the Microsoft Threat Intelligence Center with discovering and reporting these flaws and urges users to apply the patches immediately to avoid potential exploitation.
What Undercode Says:
The reported vulnerabilities in VMware’s ESXi, Workstation, and Fusion products highlight an alarming trend: the exploitation of critical flaws that could allow attackers to take control of virtualized environments or leak sensitive data. With these vulnerabilities rated as high severity—CVE-2025-22224, for example, has a CVSS score of 9.3—organizations need to act swiftly to mitigate potential risks.
One of the most concerning aspects of this discovery is that Broadcom confirmed active exploitation of the vulnerabilities “in the wild.” This reinforces the urgency for system administrators to implement the patches as soon as possible. The fact that these flaws have been weaponized in real-world attacks adds a layer of complexity and danger to the situation, as attackers can use them to escalate privileges, escape sandboxes, or even exfiltrate sensitive information.
The vulnerabilities also raise questions about the security of hypervisors and virtual environments, which are often seen as isolated from the rest of the system. The presence of vulnerabilities that allow arbitrary code execution and sandbox escapes means attackers could bypass these isolated environments and potentially gain access to the underlying host systems or networks.
While Broadcom has not disclosed specifics about the nature of the attacks or the threat actors behind them, the fact that these vulnerabilities are being exploited suggests they have significant value on the black market. This highlights the importance of regular updates and patch management for all virtualized systems, particularly those in production environments where downtime or breaches can lead to major operational disruptions.
VMware’s recognition of these flaws and the issuance of patches reflects a proactive approach, but it also emphasizes how quickly cyber threats evolve. Exploits in virtualized environments are a growing concern as attackers develop increasingly sophisticated methods to bypass traditional security measures.
Fact Checker Results
- Active Exploitation Confirmed: Broadcom’s acknowledgment that these vulnerabilities are being exploited “in the wild” reinforces the urgency for users to patch their systems immediately.
- Patch Availability: Patches have been released for various VMware products, but some users may need to manually implement them, depending on the system version.
- Source of Discovery: The Microsoft Threat Intelligence Center played a critical role in identifying and reporting these vulnerabilities, contributing significantly to the timely response.
References:
Reported By: https://thehackernews.com/2025/03/vmware-security-flaws-exploited-in.html