VMware Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in VMware products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure and data manipulation on the targeted system.
Note: CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226 are actively exploited in the wild.
For CVE-2025-22224, a malicious actor with local administrative privileges may trigger this vulnerability to execute code as the virtual machine’s VMX process running on the host.
For CVE-2025-22225, a malicious actor with privileges may trigger an arbitrary kernel write leading to an escape of the sandbox.
For CVE-2025-22226, a malicious actor with administrative privileges may trigger this vulnerability to leak memory from the VMX process.
RISK: High Risk
TYPE: Operating Systems – VMware

Impact
- Remote Code Execution
- Information Disclosure
- Data Manipulation
System / Technologies affected
- VMware Cloud Foundation 4.5.x
- VMware Cloud Foundation 5.x
- VMware Fusion 13.x
- VMware ESXi 7.0
- VMware ESXi 8.0
- VMware Telco Cloud Infrastructure 2.x, 3.x, 4.x, 5.x
- VMware Telco Cloud Platform 2.x, 3.x
- VMware Workstation 17.x
Solutions
Before installing the software, please visit the vendor website for more details.
- Apply fixes issued by the vendor:
  - https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
Vulnerability Identifier
Source
Related Link