VMware Releases Patches for Three Zero-Day Vulnerabilities

90/68 Thursday, March 6, 2025

Broadcom has released security updates to address three actively exploited zero-day vulnerabilities in VMware ESX products. These vulnerabilities affect VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform. The Microsoft Threat Intelligence Center discovered these flaws, noting that attackers with Administrator or Root privileges in a virtual machine (VM) could exploit them to escape the sandbox environment and gain access to the hypervisor host.

Details of the Vulnerabilities:

  • CVE-2025-22224 (CVSS 9.3) – VMCI Heap Overflow:
    A TOCTOU (Time-of-Check Time-of-Use) vulnerability in VMware ESXi and Workstation that could lead to an Out-of-Bounds Write. Attackers with high privileges in a VM could exploit this flaw to execute code at the VMX level on the host.
  • CVE-2025-22225 (CVSS 8.2) – Arbitrary Write:
    A vulnerability within the VMX process of ESXi, which may allow attackers to escape the sandbox environment and gain access to the hypervisor host.
  • CVE-2025-22226 (CVSS 7.1) – Data Leak via HGFS:
    An Out-of-Bounds Read vulnerability impacting VMware ESXi, Workstation, and Fusion, which could enable attackers to extract data from the VMX process memory.

VMware has not disclosed details regarding the attacks or the threat actors behind these exploits. Because the vulnerabilities are being actively exploited, users and system administrators are strongly advised to apply the latest patches immediately to mitigate the risk of exploitation.

Source: https://securityaffairs.com/174911/security/vmware-fixed-three-actively-exploited-zero-days-in-esx-products.html