CVE ID
CVE-2025-22225
Vulnerability Name
VMware ESXi Arbitrary Write Vulnerability
- Project: VMware
- Product: ESXi
Date
- Date Added: 2025-03-04
- Due Date: 2025-03-25
Description
VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22225
Related Security News
- Chinese hackers exploiting VMware zero-day since October 2024
- Broadcom fixes high-severity VMware NSX bugs reported by NSA
- Broadcom warns of authentication bypass in VMware Windows Tools
- ⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
- VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches
- Broadcom fixes three VMware zero-days exploited in attacks
Top comments (0)