Broadcom has patched three actively exploited zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion, found by Microsoft’s Threat Intelligence Center. The flaws, which were being leveraged in real-world attacks at the time of discovery, could allow attackers with administrator or root access to a virtual machine to breach the underlying hypervisor, potentially exposing all associated VMs and sensitive data.
How do these vulnerabilities work?
If a threat actor gains administrative access to a virtual machine’s guest OS, they can escalate privileges and break into the hypervisor. Once inside, they could manipulate or access other virtual machines running on the same hypervisor, posing a significant security risk.
The three vulnerabilities are:
- CVE-2025-22224: A Time-of-Check Time-of-Use (TOCTOU) vulnerability in VMware ESXi and Workstation that can lead to an out-of-bounds write condition if an attacker already has admin privileges.
- CVE-2025-22225: An arbitrary write vulnerability in VMware ESXi.
- CVE-2025-22226: An information disclosure vulnerability in VMware ESXi, Workstation, and Fusion that could be used to leak memory.
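The TOCTOU bug class named for CVE-2025-22224, shown as an added illustration of the general double-fetch pattern and its fix: this is not VMware code and does not reproduce the actual flaw, whose internals the article does not describe. `shared_req`, `race_hook`, `grow_len` and the handler names are hypothetical, and the racing writer is simulated deterministically.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* logical size of the privileged side's buffer */

/* Hypothetical request in memory the less-privileged side can still write. */
struct shared_req { volatile uint32_t len; uint8_t data[64]; };

/* Constructed stand-in for a concurrent writer: fires between check and use. */
static void (*race_hook)(struct shared_req *);
static void grow_len(struct shared_req *r) { r->len = 48; }

/* Vulnerable: len is fetched from shared memory twice. */
int handle_vulnerable(struct shared_req *req, uint8_t *arena) {
    if (req->len > BUF_SIZE) return -1;   /* time of check (fetch 1) */
    if (race_hook) race_hook(req);        /* race window */
    memcpy(arena, req->data, req->len);   /* time of use (fetch 2) */
    return 0;
}

/* Hardened: one fetch into private memory; check and use share the snapshot. */
int handle_hardened(struct shared_req *req, uint8_t *arena) {
    uint32_t len = req->len;
    if (len > BUF_SIZE) return -1;
    if (race_hook) race_hook(req);        /* same race, now harmless */
    memcpy(arena, req->data, len);
    return 0;
}

/* Returns 1 if the handler wrote past BUF_SIZE. The 64-byte arena keeps the
 * demo itself memory-safe: bytes 16..63 model neighbouring state. */
int overflowed(int (*handler)(struct shared_req *, uint8_t *)) {
    struct shared_req req = { .len = 8 };
    uint8_t arena[64] = {0};
    memset(req.data, 0x41, sizeof req.data);
    race_hook = grow_len;
    handler(&req, arena);
    race_hook = NULL;
    return arena[BUF_SIZE] != 0;
}

int main(void) {
    printf("vulnerable overflowed: %d\n", overflowed(handle_vulnerable));
    printf("hardened overflowed:   %d\n", overflowed(handle_hardened));
    return 0;
}
```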
To remediate the vulnerabilities, customers should apply the patches found in Broadcom’s notification. All versions of VMware ESX, VMware vSphere, VMware Cloud Foundation, or VMware Telco Cloud Platform are affected, except those with the latest update.
Which products are affected?
The following products are affected by all three CVEs (via Rapid7):
- Broadcom VMware ESXi 7.0 and 8.0.
- Broadcom VMware Cloud Foundation 4.5.x and 5.x.
- Broadcom VMware Telco Cloud Platform 5.x, 4.x, 3.x, and 2.x.
- Broadcom VMware Telco Cloud Infrastructure 3.x and 2.x.
The following product is vulnerable to CVE-2025-22224 and CVE-2025-22226 specifically:
- Broadcom VMware Workstation 17.x.
The following product is vulnerable to CVE-2025-22226 specifically:
- Broadcom VMware Fusion 13.x.
VMware’s Live Patch feature won’t apply the patches automatically in this case.
VMware Cloud Foundation Operations, Automation, Aria Suite, and VMware NSX are not affected.
Last year, VMware ESXi servers were hit by a double-extortion ransomware variant, with the threat actors impersonating a real organization.