Broadcom has launched safety updates to deal with three actively exploited safety flaws in VMware ESXi, Workstation, and Fusion merchandise that would result in code execution and data disclosure.
The record of vulnerabilities is as follows –
- CVE-2025-22224 (CVSS rating: 9.3) – A Time-of-Test Time-of-Use (TOCTOU) vulnerability that results in an out-of-bounds write, which a malicious actor with native administrative privileges on a digital machine may exploit to execute code because the digital machine’s VMX course of working on the host
- CVE-2025-22225 (CVSS rating: 8.2) – An arbitrary write vulnerability {that a} malicious actor with privileges inside the VMX course of may exploit to end in a sandbox escape
- CVE-2025-22226 (CVSS rating: 7.1) – An data disclosure vulnerability resulting from an out-of-bounds learn in HGFS {that a} malicious actor with administrative privileges to a digital machine may exploit to leak reminiscence from the vmx course of
The shortcomings influence the beneath variations –
- VMware ESXi 8.0 – Mounted in ESXi80U3d-24585383, ESXi80U2d-24585300
- VMware ESXi 7.0 – Mounted in ESXi70U3s-24585291
- VMware Workstation 17.x – Mounted in 17.6.3
- VMware Fusion 13.x – Mounted in 13.6.3
- VMware Cloud Basis 5.x – Async patch to ESXi80U3d-24585383
- VMware Cloud Basis 4.x – Async patch to ESXi70U3s-24585291
- VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x – Mounted in ESXi 7.0U3s, ESXi 8.0U2d, and ESXi 8.0U3d
- VMware Telco Cloud Infrastructure 3.x, 2.x – Mounted in ESXi 7.0U3s
In a separate FAQ, Broadcom acknowledged that it has “data to counsel that exploitation of those points has occurred ‘within the wild,’ nevertheless it didn’t elaborate on the character of the assaults or the id of the risk actors which have weaponized them.
The virtualization companies supplier credited the Microsoft Risk Intelligence Middle for locating and reporting the bugs. In mild of lively exploitation, it is important that customers apply the newest patches for optimum safety.
#VMware #Safety #Flaws #Exploited #WildBroadcom #Releases #Pressing #Patches
Azeem Rajpoot, the author behind This Blog, is a passionate tech enthusiast with a keen interest in exploring and sharing insights about the rapidly evolving world of technology.
With a background in Blogging, Azeem Rajpoot brings a unique perspective to the blog, offering in-depth analyses, reviews, and thought-provoking articles. Committed to making technology accessible to all, Azeem strives to deliver content that not only keeps readers informed about the latest trends but also sparks curiosity and discussions.
Follow Azeem on this exciting tech journey to stay updated and inspired.
