Close Menu
VMware

VMSA-2025-0004: Critical VMware Vulnerabilities: Why You Should Patch Right Away

VMware has issued a critical security advisory (VMSA-2025-0004) warning of active exploitation of three vulnerabilities in its ESXi, Workstation, and Fusion products.
Catalin CristescuBy 38 Views
Urgent Patch Alert VMware Security

VMSA-2025-0004: If you’re running VMware ESXi, Workstation, or Fusion, you need to take action immediately. Broadcom recently issued critical patches for three major security vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) that are actively being exploited in the wild. These vulnerabilities could lead to code execution, information disclosure, and sandbox escapes—posing a serious risk to your infrastructure.

What’s at Risk?

Attackers with administrative access to a compromised virtual machine can use these vulnerabilities to escape the VM sandbox and target the hypervisor itself.

  • CVE-2025-22224 (TOCTOU vulnerability): Allows malicious actors to execute arbitrary code on the host.
  • CVE-2025-22225 (Arbitrary write flaw): Enables attackers to escape the VM sandbox.
  • CVE-2025-22226 (Information disclosure bug): Leaks memory from the VMX process.

According to Broadcom, there is confirmed evidence that these vulnerabilities are being actively exploited, though details about the attackers remain undisclosed.

Urgent Patch Updates

If your VMware infrastructure is affected, you should apply the latest security patches immediately. Below is the Response Matrix for affected VMware products and their fixed versions:

VMware ProductVersionCVECVSSv3 ScoreSeverityFixed Version
VMware ESXi8.0CVE-2025-22224, CVE-2025-22225, CVE-2025-222269.3, 8.2, 7.1CriticalESXi80U3d-24585383, ESXi80U2d-24585300
VMware ESXi7.0CVE-2025-22224, CVE-2025-22225, CVE-2025-222269.3, 8.2, 7.1CriticalESXi70U3s-24585291
VMware Workstation17.xCVE-2025-22224, CVE-2025-222269.3, 7.1Critical17.6.3
VMware Fusion13.xCVE-2025-222267.1Important13.6.3
VMware Cloud Foundation5.xCVE-2025-22224, CVE-2025-22225, CVE-2025-222269.3, 8.2, 7.1CriticalAsync patch to ESXi80U3d-24585383
VMware Cloud Foundation4.5.xCVE-2025-22224, CVE-2025-22225, CVE-2025-222269.3, 8.2, 7.1CriticalAsync patch to ESXi70U3s-24585291
VMware Telco Cloud Platform5.x, 4.x,
3.x, 2.x		CVE-2025-22224, CVE-2025-22225, CVE-2025-222269.3, 8.2, 7.1CriticalKB389385
VMware Telco Cloud Infrastructure3.x, 2.xCVE-2025-22224, CVE-2025-22225, CVE-2025-222269.3, 8.2, 7.1CriticalKB389385

Act Now: Apply Patches

To stay secure, apply these updates immediately by downloading the patches from VMware’s official advisory. Delaying could expose your infrastructure to active exploits.

I’m the founder of TechnicalTerm.com and a Wintel & Virtualization Consultant with more than seven years of hands-on experience. I’ve served as a Wintel & Virtualization Consultant and DevOps professional. Along the way, I’ve managed multiple VMware vSphere environments, handled Windows OS support, and implemented automated provisioning processes using VMware Aria solutions like vRA and vRO. My dedication to virtualization earned me the vExpert award and VMware Certified Implementation Expert – Data Center Virtualization certification, reflecting my passion for streamlining data centers and IT operations.

Related Posts

Leave A Reply