CyberSecurity news

FlagThis

@csoonline.com //
Three critical zero-day vulnerabilities have been discovered in VMware products, including ESXi, Workstation, and Fusion. Tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, these flaws are actively being exploited in the wild. Microsoft's Threat Intelligence Center (MSTIC) uncovered these vulnerabilities on March 4th. Chaining these three vulnerabilities together allows an attacker to escape a virtual machine and gain access to the ESXi hypervisor.

These vulnerabilities impact a wide range of VMware products, including VMware ESXi, Workstation Pro/Player, Fusion, Cloud Foundation, and Telco Cloud Platform. Successful exploitation could grant attackers unauthorized access to systems, enabling them to execute arbitrary code remotely and escalate privileges. VMware has released patches to address these issues, and CISA has added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, urging immediate patching.
Original img attribution: https://www.csoonline.com/wp-content/uploads/2025/03/3837874-0-94285400-1741117572-VMware-sign.jpg?quality=50&strip=all&w=1024
ImgSrc: www.csoonline.c

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • Arctic Wolf: Three VMware Zero-Days Exploited in the Wild Patched by Broadcom.
  • securityaffairs.com: VMware fixed three actively exploited zero-days in ESX products
  • www.csoonline.com: VMware ESXi gets critical patches for in-the-wild virtual machine escape attack.
  • research.kudelskisecurity.com: Summary On March 4th, Microsoft’s Threat Intelligence Center (MSTIC) uncovered three critical vulnerabilities in VMware products that are being actively exploited in the wild. Affected
  • www.tenable.com: CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited
  • fortiguard.fortinet.com: Multiple zero-day vulnerabilities have been identified in VMware's ESXi, Workstation, and Fusion products. VMware has confirmed that these vulnerabilities are being actively exploited in the wild, and the Cybersecurity and Infrastructure Security Agency (CISA) has included them in its Known Exploited Vulnerabilities Catalog due to evidence of such exploitation.
  • The Register - Software: VMware splats guest-to-hypervisor escape bugs already exploited in wild The heap overflow zero-day in the memory unsafe code by Miss Creant Broadcom today pushed out patches for three VMware hypervisor-hijacking bugs, including one rated critical, that have already been found and exploited by criminals.…
  • Blog: Key Takeaways Three zero-day vulnerabilities have been discovered in VMware products, tracked as CVE-2025-22224 , CVE-2025-22225 , and CVE-2025-22226 . Nearly all supported and unsupported VMware products are impacted, including VMware ESXi, VMware Workstation Pro / Player (Workstation), VMware Fusion, VMware Cloud Foundation, and VMware Telco Cloud Platform. Chaining these 3 vulnerabilities together allows an attacker to escape or “break outâ€� of a “childâ€� Virtual Machine (VM), gain access to the “parentâ€� ESXi Hypervisor, and potentially access any other accessible VM as well as gain access to the management network of the exposed VMware cluster.
Classification:
  • HashTags: #VMware #ZeroDay #ESXi
  • Company: VMware
  • Target: VMware ESXi, Workstation, Fusion Users
  • Attacker: Microsoft Threat Intelligence Center
  • Product: ESXi, Workstation, Fusion
  • Feature: Hypervisor Escape
  • Malware: ESXicape
  • Type: 0Day
  • Severity: Disaster