Broadcom has released security advisories for three actively exploited vulnerabilities in VMware ESXi, Workstation and Fusion that can lead to code execution and information disclosure.
- The first vulnerability (CVE-2025-22224), rated critical with a CVSS score of 9.3, is a Time-of-Check Time-of-Use (TOCTOU) race condition. It can result in an out-of-bounds write, allowing an attacker with local administrative privileges on a virtual machine to execute code in the context of the VMX process on the host.
- The second vulnerability (CVE-2025-22225), with a score of 8.2, is an arbitrary write issue that can be used to escape the isolated virtual machine sandbox.
- The third vulnerability (CVE-2025-22226), with a severity score of 7.1, allows an attacker with administrative privileges on a virtual machine to read data from the memory of the VMX process, resulting in an information leak.
The following software versions are affected: VMware ESXi 8.0 and 7.0, VMware Workstation 17.x, VMware Fusion 13.x, as well as the VMware Cloud Foundation and VMware Telco Cloud Platform products. Broadcom has already released patches that fix the vulnerabilities and strongly recommends that users install them as soon as possible.
The Microsoft Threat Intelligence Center was the first to identify and report the issues. Broadcom acknowledged that the flaws are being exploited in the wild, but did not disclose details about the exploitation methods or the threat groups using them in real attacks.
Given that these vulnerabilities are being actively used in cyberattacks, updating affected systems is the top-priority protective measure for VMware users.