Ethical Hacking News
New VMware hyperjacking vulnerabilities pose a catastrophic risk to virtual machine environments, potentially allowing hackers to breach even the most secure boundaries within customers' networks. Three critical vulnerabilities have been identified that could allow attackers to traverse multiple customer VMs and gain access to sensitive environments with ease.
VMware has issued a warning about three critical vulnerabilities in multiple virtual-machine products. The class of attack they enable, known as hyperjacking, hypervisor attack, or virtual machine escape, can give hackers unusually broad access to sensitive environments within customers' networks. The vulnerabilities are: CVE-2025-22224 (heap overflow), CVE-2025-22225 (arbitrary write), and CVE-2025-22226 (information disclosure). The US Cybersecurity and Infrastructure Security Agency has added all three vulnerabilities to its list of Known Exploited Vulnerabilities. Organizations that rely on VMware's affected products must investigate thoroughly to ensure their networks are safe from this particular threat.
VMware has recently issued a warning about three critical vulnerabilities in multiple virtual-machine products, which can give hackers unusually broad access to sensitive environments within customers' networks. Attacks that exploit flaws of this kind are known as hyperjacking, hypervisor attack, or virtual machine escape, and they have the potential to break through even the most secure boundaries.
According to security researcher Kevin Beaumont, these types of attacks can allow an attacker to traverse VMware managed hosting providers, private clouds, and on-premises environments with ease. The attackers could potentially gain access to every system within a hypervisor, rendering the boundary between isolated VM environments completely meaningless.
The vulnerabilities in question are:
* CVE-2025-22224: A heap overflow in the Virtual Machine Communication Interface with a severity rating of 9.3 out of a possible 10.
* CVE-2025-22225: An arbitrary write vulnerability with a severity rating of 8.2.
* CVE-2025-22226: An information-disclosure vulnerability in the host-guest file system with a severity rating of 7.1.
The VMware advisory did not classify these vulnerabilities as remotely exploitable, but Beaumont and other security experts argue that this distinction may be misleading. They note that an attacker does not need to be physically present at the VM to carry out the attack; with access to any VM, they can do it over the internet.
The US Cybersecurity and Infrastructure Security Agency has already added all three vulnerabilities to its list of Known Exploited Vulnerabilities, indicating a high level of threat. Organizations that rely on VMware's affected products must investigate thoroughly to ensure their networks are safe from this particular threat.
In light of these findings, the exploitation of virtual machine software has proven to be one of the most common methods by which malicious actors gain access to some of the world's most secure networks. Any organization using any of the affected products should pay close attention to these vulnerabilities and take steps to protect its systems from such an attack.
Published: Tue Mar 4 17:05:41 2025 by llama3.2 3B Q4_K_M