VMware critical vulnerabilities patched

VMware Critical Vulnerabilities in ESXi, Workstation, and Fusion: Patches Released

VMware has released security updates to address multiple vulnerabilities affecting ESXi, Workstation, and Fusion. These flaws, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, enable attackers to execute arbitrary code, escape the virtual machine sandbox, and leak sensitive memory data. Exploitation of these vulnerabilities has been observed in the wild.

Affected Products:

  • VMware ESXi (versions 7.0, 8.0)
  • VMware Workstation (version 17.x)
  • VMware Fusion (version 13.x)
  • VMware Cloud Foundation (versions 4.x, 5.x)
  • VMware Telco Cloud Platform (versions 2.x, 3.x, 4.x, 5.x)
  • VMware Telco Cloud Infrastructure (versions 2.x, 3.x)

Vulnerability Details:

  1. CVE-2025-22224 – VMCI Heap Overflow (CVSS 9.3 – Critical)
    • A Time-of-Check to Time-of-Use (TOCTOU) issue in VMware ESXi and Workstation leads to an out-of-bounds write.
    • Attackers with local administrative access to a virtual machine can exploit this to execute arbitrary code as the VMX process on the host.
    • No workarounds are available. Patching is required.
  2. CVE-2025-22225 – ESXi Arbitrary Write (CVSS 8.2 – High)
    • A flaw in ESXi allows attackers with access to the VMX process to write arbitrary data to kernel memory, leading to potential sandbox escapes.
    • No workarounds exist. Updating to the fixed version is required.
  3. CVE-2025-22226 – HGFS Information Disclosure (CVSS 7.1 – High)
    • An out-of-bounds read in the HGFS file-sharing feature of ESXi, Workstation, and Fusion allows attackers with administrative VM access to leak memory contents.
    • No workarounds exist. Affected systems should be updated.

Confirmed Exploitation

VMware has confirmed the active exploitation of these vulnerabilities. Organizations using affected products should prioritize patching.

Fixed Versions:

VMware has released the following patched versions:

Product                       Fixed Version
----------------------------  --------------------------------------
ESXi 8.0                      ESXi80U3d-24585383, ESXi80U2d-24585300
ESXi 7.0                      ESXi70U3s-24585291
Workstation 17.x              17.6.3
Fusion 13.x                   13.6.3
Cloud Foundation 5.x, 4.5.x   Async patch to latest ESXi updates
Telco Cloud Platform          KB389385
Telco Cloud Infrastructure    KB389385

Recommended Actions:

  1. Apply security patches immediately using the fixed versions listed.
  2. Check for potential exploitation if your organization uses vulnerable versions.
  3. Monitor VMware’s security advisories for additional updates or mitigations.
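The first two actions above amount to comparing what each host reports against the fixed versions in the table. The following Python script is an added example, not part of the advisory or any VMware tooling: it parses the first line printed by `vmware -vl` on an ESXi host ("VMware ESXi 8.0.3 build-24585383"), maps the third version component to the Update line (8.0.3 is 8.0 Update 3, 8.0.2 is 8.0 Update 2, 7.0.3 is 7.0 Update 3) and compares the build number with the fixed build for that line. Only the three fixed ESXi builds and the two desktop versions from the table are encoded; a host on a line the advisory lists no fixed build for (for example 8.0 Update 1) is reported as such rather than guessed at, and Cloud Foundation and Telco Cloud products, which the table resolves via async patches and KB389385, are outside the check. The sample host outputs and build numbers below are constructed for illustration, not captured from real systems.

```python
import re
from typing import Iterable, NamedTuple, Optional, Tuple

# Fixed ESXi builds from the advisory table, keyed by (release, Update line).
# ESXi reports Update N as the third component of its version string.
FIXED_ESXI_BUILDS = {
    ("8.0", 3): 24585383,  # ESXi80U3d-24585383
    ("8.0", 2): 24585300,  # ESXi80U2d-24585300
    ("7.0", 3): 24585291,  # ESXi70U3s-24585291
}

# First fixed desktop hypervisor versions from the advisory table.
FIXED_DESKTOP = {
    "Workstation": (17, 6, 3),
    "Fusion": (13, 6, 3),
}


class EsxiVersion(NamedTuple):
    release: str  # e.g. "8.0"
    update: int   # third version component, i.e. the Update line
    build: int    # number after "build-"


# Matches the first line of `vmware -vl`, e.g. "VMware ESXi 8.0.3 build-24585383".
_VL_RE = re.compile(r"VMware ESXi (\d+)\.(\d+)\.(\d+) build-(\d+)")


def parse_vmware_vl(output: str) -> Optional[EsxiVersion]:
    """Extract release, Update line and build from `vmware -vl` output."""
    m = _VL_RE.search(output)
    if not m:
        return None
    major, minor, update, build = m.groups()
    return EsxiVersion(f"{major}.{minor}", int(update), int(build))


def esxi_status(v: EsxiVersion) -> str:
    """Compare a host's build with the fixed build for its own Update line.

    Builds are only compared within one line: an 8.0 Update 2 host is judged
    against ESXi80U2d, not against the (larger) 8.0 Update 3 build.
    """
    fixed = FIXED_ESXI_BUILDS.get((v.release, v.update))
    if fixed is None:
        return "no-fixed-build-listed"
    return "patched" if v.build >= fixed else "vulnerable"


def parse_desktop_version(text: str) -> Tuple[int, int, int]:
    """Turn '17.6' or '17.6.3' into a zero-padded (major, minor, patch) tuple."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return (parts + (0, 0, 0))[:3]


def desktop_status(product: str, version: str) -> str:
    """Status of a Workstation or Fusion install against the fixed version."""
    fixed = FIXED_DESKTOP.get(product)
    if fixed is None:
        return "unknown-product"
    v = parse_desktop_version(version)
    if v[0] != fixed[0]:          # only 17.x / 13.x appear in the advisory
        return "not-in-advisory-scope"
    return "patched" if v >= fixed else "vulnerable"


def triage(hosts: Iterable[Tuple[str, str]]) -> dict:
    """Map host name -> status for (name, `vmware -vl` output) pairs."""
    result = {}
    for name, output in hosts:
        v = parse_vmware_vl(output)
        result[name] = "unparsed" if v is None else esxi_status(v)
    return result


# Constructed sample output; hostnames and build numbers are illustrative only.
SAMPLE_HOSTS = [
    ("esx-01", "VMware ESXi 8.0.3 build-24585383\nVMware ESXi 8.0 Update 3\n"),
    ("esx-02", "VMware ESXi 8.0.3 build-24280767\nVMware ESXi 8.0 Update 3\n"),
    ("esx-03", "VMware ESXi 7.0.3 build-24022510\nVMware ESXi 7.0 Update 3\n"),
    ("esx-04", "VMware ESXi 8.0.1 build-21495797\nVMware ESXi 8.0 Update 1\n"),
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE_HOSTS).items():
        print(f"{name}: {status}")
    print("Workstation 17.6.2:", desktop_status("Workstation", "17.6.2"))
```

The per-line comparison matters: the 8.0 Update 2 fix (build 24585300) has a lower build number than the Update 3 fix (24585383), so a single "build >= N" threshold across all of 8.0 would misjudge hosts. A host that returns "no-fixed-build-listed" is on a line the table gives no fixed build for and should be moved to one of the listed fixed versions rather than assumed safe.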
