VMSA-2025-0004: If you’re running VMware ESXi, Workstation, or Fusion, you need to take action immediately. Broadcom recently issued critical patches for three major security vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) that are actively being exploited in the wild. These vulnerabilities could lead to code execution, information disclosure, and sandbox escapes—posing a serious risk to your infrastructure.
What’s at Risk?
Attackers with administrative access to a compromised virtual machine can use these vulnerabilities to escape the VM sandbox and target the hypervisor itself.
- CVE-2025-22224 (TOCTOU, time-of-check to time-of-use, vulnerability): Allows malicious actors to execute arbitrary code on the host.
- CVE-2025-22225 (Arbitrary write flaw): Enables attackers to escape the VM sandbox.
- CVE-2025-22226 (Information disclosure bug): Leaks memory from the VMX process.
According to Broadcom, there is confirmed evidence that these vulnerabilities are being actively exploited, though details about the attackers remain undisclosed.
Urgent Patch Updates
If your VMware infrastructure is affected, you should apply the latest security patches immediately. Below is the Response Matrix for affected VMware products and their fixed versions:
VMware Product | Version | CVE | CVSSv3 Score | Severity | Fixed Version |
---|---|---|---|---|---|
VMware ESXi | 8.0 | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | 9.3, 8.2, 7.1 | Critical | ESXi80U3d-24585383, ESXi80U2d-24585300 |
VMware ESXi | 7.0 | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | 9.3, 8.2, 7.1 | Critical | ESXi70U3s-24585291 |
VMware Workstation | 17.x | CVE-2025-22224, CVE-2025-22226 | 9.3, 7.1 | Critical | 17.6.3 |
VMware Fusion | 13.x | CVE-2025-22226 | 7.1 | Important | 13.6.3 |
VMware Cloud Foundation | 5.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | 9.3, 8.2, 7.1 | Critical | Async patch to ESXi80U3d-24585383 |
VMware Cloud Foundation | 4.5.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | 9.3, 8.2, 7.1 | Critical | Async patch to ESXi70U3s-24585291 |
VMware Telco Cloud Platform | 5.x, 4.x, 3.x, 2.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | 9.3, 8.2, 7.1 | Critical | KB389385 |
VMware Telco Cloud Infrastructure | 3.x, 2.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | 9.3, 8.2, 7.1 | Critical | KB389385 |
Act Now: Apply Patches
To stay secure, apply these updates immediately by downloading the patches from VMware’s official advisory. Delaying could expose your infrastructure to active exploits.
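To confirm that an ESXi host is at or above the fixed builds in the Response Matrix, the following added example (not code from Broadcom or from the original post) classifies the output of `esxcli system version get`. It assumes that command's usual `Key: value` layout and that a later patch in the same release line carries a higher build number; the sample output and the function names are constructed for illustration.

```python
import re

# Fixed ESXi builds copied from the Response Matrix on this page.
# (major.minor, update level) -> first fixed build number
FIXED_BUILDS = {
    ("8.0", 3): 24585383,  # ESXi80U3d-24585383
    ("8.0", 2): 24585300,  # ESXi80U2d-24585300
    ("7.0", 3): 24585291,  # ESXi70U3s-24585291
}

def parse_version_output(text):
    """Turn 'Key: value' lines from `esxcli system version get` into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def assess(text):
    """Return (status, detail). Status: PATCHED, VULNERABLE, UNLISTED, UNKNOWN."""
    f = parse_version_output(text)
    ver = re.match(r"(\d+\.\d+)", f.get("version", ""))
    build = re.search(r"(\d+)$", f.get("build", ""))
    update = f.get("update", "")
    if not (ver and build and update.isdigit()):
        return "UNKNOWN", "could not parse version, update and build"
    release, build_no = (ver.group(1), int(update)), int(build.group(1))
    label = f"ESXi {release[0]} U{release[1]} build {build_no}"
    fixed = FIXED_BUILDS.get(release)
    if fixed is None:
        # The matrix names no fixed build for this release line.
        return "UNLISTED", f"{label}: no fixed build in the matrix, check the advisory"
    # Assumption: within one release line, a later patch has a higher build number.
    if build_no >= fixed:
        return "PATCHED", f"{label} >= {fixed}"
    return "VULNERABLE", f"{label} < {fixed}"

# Constructed sample output (the build number below the fix is made up).
SAMPLE = """\
   Product: VMware ESXi
   Version: 8.0.3
   Build: Releasebuild-24000000
   Update: 3
   Patch: 35
"""

if __name__ == "__main__":
    print(assess(SAMPLE))
```

Hosts reported as `UNLISTED` (for example an 8.0 Update 1 host) are on a release line for which the matrix gives no fixed build, so they need to be checked against the advisory rather than treated as safe.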