

Ethical Hacking News

Broadcom Releases Urgent Patches for Exploited VMware Security Flaws


Broadcom has released urgent patches for three actively exploited VMware security flaws, which could lead to code execution and information disclosure. The affected versions include ESXi 8.0, Workstation 17.x, Fusion 13.x, Cloud Foundation 5.x, and Telco Cloud Platform 5.x.

  • Broadcom has released security patches for VMware ESXi, Workstation, and Fusion products to address three actively exploited vulnerabilities.
  • The list of vulnerabilities includes a Time-of-Check Time-of-Use (TOCTOU) vulnerability, an arbitrary write vulnerability, and an information disclosure vulnerability.
  • The affected versions include VMware ESXi 8.0, VMware ESXi 7.0, VMware Workstation 17.x, VMware Fusion 13.x, and various other products.
  • Exploitation of these issues has occurred "in the wild", highlighting the importance of applying the latest patches for optimal protection.



    In a recent update, Broadcom has released security patches to address three actively exploited vulnerabilities in VMware ESXi, Workstation, and Fusion products. The vulnerabilities were discovered by the Microsoft Threat Intelligence Center, and they underline the importance of keeping software up to date in order to prevent exploitation.

    The list of vulnerabilities includes:

    * CVE-2025-22224 (CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with local administrative privileges on a virtual machine could exploit to execute code as the virtual machine's VMX process running on the host.
    * CVE-2025-22225 (CVSS score: 8.2) - An arbitrary write vulnerability that a malicious actor with privileges within the VMX process could exploit, resulting in a sandbox escape.
    * CVE-2025-22226 (CVSS score: 7.1) - An information disclosure vulnerability due to an out-of-bounds read in HGFS that a malicious actor with administrative privileges to a virtual machine could exploit to leak memory from the VMX process.

    The affected versions include:

    * VMware ESXi 8.0 - Fixed in ESXi80U3d-24585383, ESXi80U2d-24585300
    * VMware ESXi 7.0 - Fixed in ESXi70U3s-24585291
    * VMware Workstation 17.x - Fixed in 17.6.3
    * VMware Fusion 13.x - Fixed in 13.6.3
    * VMware Cloud Foundation 5.x - Async patch to ESXi80U3d-24585383
    * VMware Cloud Foundation 4.x - Async patch to ESXi70U3s-24585291
    * VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x - Fixed in ESXi 7.0U3s, ESXi 8.0U2d, and ESXi 8.0U3d
    * VMware Telco Cloud Infrastructure 3.x, 2.x - Fixed in ESXi 7.0U3s

    Broadcom has acknowledged that exploitation of these issues has occurred "in the wild," but did not elaborate on the nature of the attacks or the identity of the threat actors that have weaponized them.

    In light of active exploitation, it is essential that users apply the latest patches for optimal protection and stay up to date with security patches so that vulnerabilities cannot be exploited.
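
A patch-level check against the fixed ESXi builds listed above, added here as an example (not code from Broadcom or from this article). It assumes the `Version`, `Build` and `Update` fields printed by `esxcli system version get`, and that build numbers only increase within one release line; the host names and the unpatched build numbers are constructed.

```python
import re

# Fixed builds from the article, keyed by (major.minor version, update level).
FIXED_BUILDS = {
    ("8.0", 3): 24585383,  # ESXi80U3d
    ("8.0", 2): 24585300,  # ESXi80U2d
    ("7.0", 3): 24585291,  # ESXi70U3s
}

# Constructed sample output (hypothetical hosts; unpatched build numbers are made up).
TEMPLATE = "Product: VMware ESXi\nVersion: {v}\nBuild: Releasebuild-{b}\nUpdate: {u}\n"
SAMPLES = {
    "esx-a": TEMPLATE.format(v="8.0.3", b=24000000, u=3),  # below the U3 fix
    "esx-b": TEMPLATE.format(v="8.0.2", b=24585300, u=2),  # exactly the U2 fix
    "esx-c": TEMPLATE.format(v="8.0.1", b=23000000, u=1),  # line with no listed fix
    "esx-d": TEMPLATE.format(v="7.0.3", b=24585291, u=3),  # exactly the 7.0 U3 fix
}

def parse_version_output(text):
    """Parse version output into (major.minor, update level, build number)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    try:
        major_minor = ".".join(fields["version"].split(".")[:2])
        update = int(fields["update"])
        build = int(re.search(r"(\d+)$", fields["build"]).group(1))
    except (KeyError, ValueError, AttributeError) as exc:
        raise ValueError("unrecognised version output") from exc
    return major_minor, update, build

def patch_status(text):
    """Return 'patched', 'vulnerable' or 'unlisted' for one host's output."""
    version, update, build = parse_version_output(text)
    fixed = FIXED_BUILDS.get((version, update))
    if fixed is None:
        # The article lists no fixed build for this release line (e.g. 8.0 U1).
        return "unlisted"
    # Compare within the host's own line: an 8.0 U2 host at 24585300 is patched
    # even though that number is lower than the 8.0 U3 fix.
    return "patched" if build >= fixed else "vulnerable"

if __name__ == "__main__":
    for host, output in SAMPLES.items():
        print(host, patch_status(output))
```

Hosts reported as `unlisted` are on a release line for which the article names no fixed build, so they need a manual check rather than a pass.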





  • Published: Tue Mar 4 11:16:50 2025 by llama3.2 3B Q4_K_M












