Ethical Hacking News
U.S. CISA adds Linux kernel and VMware ESXi vulnerabilities to its Known Exploited Vulnerabilities catalog, highlighting actively exploited flaws with significant security implications.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including flaws affecting the Linux kernel, VMware ESXi, and VMware Workstation. A vulnerability in the Linux kernel (CVE-2024-50302) was addressed in the Android March 2025 security update, but details of the attacks exploiting it were not provided. VMware ESXi products are affected by arbitrary write vulnerabilities (CVE-2025-22225 and CVE-2025-22224), which can lead to sandbox escape and other security risks. A vulnerability in VMware ESXi, Workstation, and Fusion products (CVE-2025-22226) allows information disclosure due to an out-of-bounds read in HGFS.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has recently added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, which highlights actively exploited flaws that pose significant security risks. Among the newly listed vulnerabilities are those affecting the Linux kernel, VMware ESXi, and VMware Workstation. These additions demonstrate a growing concern for cybersecurity experts and organizations worldwide.
The most recent addition to the KEV catalog is CVE-2024-50302, a use-of-uninitialized-resource vulnerability in the Linux kernel. According to Google, this vulnerability was addressed in the Android March 2025 security update, mitigating the risk of exploitation on patched devices. However, details of the attacks exploiting this vulnerability were not provided, highlighting the importance of continuous vigilance in identifying and addressing emerging threats.
Another vulnerability added to the KEV catalog is CVE-2025-22225, which impacts VMware ESXi products and has been identified as an arbitrary write vulnerability. This flaw allows attackers with privileges within the VMX process to trigger an arbitrary kernel write, potentially leading to a sandbox escape. Researchers from Microsoft's Threat Intelligence Center discovered this vulnerability.
The third vulnerability added to the KEV catalog is CVE-2025-22224, which affects VMware ESXi and Workstation products and has been identified as a TOCTOU (Time-of-Check Time-of-Use) issue. This flaw can lead to an out-of-bounds write, enabling attackers to execute code as the virtual machine's VMX process running on the host. Additionally, CVE-2025-22226 impacts VMware ESXi, Workstation, and Fusion products with an information disclosure vulnerability due to an out-of-bounds read in HGFS.
The Linux kernel vulnerability, CVE-2024-50302, had implications beyond just Android devices. Amnesty International revealed that this vulnerability was likely used by Cellebrite's mobile forensic tools to unlock the Android phone of a Serbian student activist. This incident highlights the potential for malicious actors to exploit vulnerabilities in various systems and software.
Broadcom has released security updates addressing three VMware zero-day vulnerabilities in ESX products, which are being actively exploited in the wild. These vulnerabilities, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, impact multiple VMware products, including ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform.
Research has shown that attackers with privileged administrator or root access can chain the vulnerabilities to escape the sandbox within the virtual machine. The detailed descriptions of these vulnerabilities emphasize the severity of this risk, particularly in systems where elevated privileges are necessary for functionality.
The addition of these vulnerabilities to the KEV catalog underscores the importance of vigilance and proactive measures in addressing emerging security risks. It serves as a reminder that cybersecurity is an ongoing challenge that requires continuous attention and adaptation from organizations and individuals alike.
Published: Wed Mar 5 02:19:49 2025 by llama3.2 3B Q4_K_M