💻 VMware security flaws are being exploited in the wild - Broadcom releases urgent fixes

chushpan

chushpan

Professional
Messages
998
Reaction score
849
Points
93
👉 Broadcom has released security updates to address three actively exploited flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure.

📰 The list of vulnerabilities is as follows.

▫️ CVE-2025-22224 (CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) out-of-bounds write vulnerability that an attacker with local administrator privileges on a VM could use to execute code as a VMX process of a VM running on the host.
▫️ CVE-2025-22225 (CVSS score: 8.2) - An arbitrary write vulnerability that an attacker with privileges in the VMX process can use to escape the sandbox.
▫️ CVE-2025-22226 (CVSS score: 7.1) - An information disclosure vulnerability due to an out-of-bounds read in HGFS that an attacker with administrative privileges in the virtual machine can use to leak memory from the vmx process.
 
You must log in or register to reply here.

Similar threads

chushpan
✈️ Ongoing cyberattacks exploit critical vulnerabilities in Cisco Smart Licensing Utility
Replies
0
Views
87
chushpan
chushpan
chushpan
💻 Meta warns of FreeType vulnerability (CVE-2025-27363) with active exploitation risk
Replies
0
Views
131
chushpan
chushpan
Father
VMware fixes a number of Workstation and Fusion vulnerabilities discovered at the recent Pwn2Own
Replies
0
Views
89
Father
Father
Man
Zero-Day on Windows: Microsoft releases emergency update
Replies
0
Views
117
Man
Man
chushpan
💸 Elastic has released security updates to address a critical vulnerability in its Kibana data visualization software
Replies
0
Views
109
chushpan
chushpan
Back
Top