CyberSecurity news

Ashish Khaitan @ The Cyber Express
CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog to include critical vulnerabilities affecting VMware ESXi, Workstation, and Fusion, as well as the Linux kernel. These flaws are being actively exploited and pose a significant risk, particularly for federal government organizations. Rapid patching is essential to mitigate the active cyber threats associated with these vulnerabilities.

The identified VMware vulnerabilities, CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, allow for remote code execution (RCE) and privilege escalation. Specifically, CVE-2025-22224 is a Time-of-Check Time-of-Use (TOCTOU) vulnerability with a CVSSv3 score of 9.3, classified as Critical. The affected systems include various versions of VMware ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform, with updated versions available to address the flaws.

Classification:
  • HashTags: #CISA #Vulnerability #Exploitation
  • Company: CISA
  • Target: Businesses
  • Attacker: CISA
  • Product: Linux Kernel, VMware
  • Feature: Vulnerability Management
  • Malware: CVE-2024-50302, CVE-2025-22225, CVE-2025-22224, CVE-2025-22226
  • Type: Vulnerability
  • Severity: Major