
Zero-Day Chaos: VMware Users Urged to Patch Critical Security Flaws


Broadcom has rolled out critical security updates to patch three actively exploited zero-day vulnerabilities in VMware products. If you’re running ESXi, Workstation, Fusion, Cloud Foundation, or Telco Cloud Platform, take note: these aren’t just any bugs; they’re serious flaws that attackers are already using in the wild, making them an immediate threat to your virtual environments.

The vulnerabilities in question, CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, open the door for everything from arbitrary code execution to information leaks and even sandbox escapes. If left unpatched, they could allow attackers to compromise your VMware setup, potentially leading to unauthorized access, system takeovers, and serious security breaches.

But don’t panic (yet). Broadcom has already pushed out patches to lock these loopholes, so the best thing you can do is update your systems ASAP. In this blog, we’ll break down the details of each vulnerability, show you which systems are affected, and walk you through the solutions you need to implement before hackers beat you to it.


Vulnerability Details

CVE-2025-22224: TOCTOU Race Condition Leading to Out-of-Bounds Write

  • Description: VMware ESXi and Workstation contain a Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability that leads to an out-of-bounds write. This flaw arises when there’s a discrepancy between the time a resource’s state is checked and the time it’s used, potentially allowing unauthorized modifications.
  • Impact: A malicious actor with local administrative privileges on a virtual machine can exploit this vulnerability to execute code as the virtual machine’s VMX process running on the host. This could lead to unauthorized code execution on the host system.
  • Severity: This vulnerability has been assigned a CVSS v3.1 base score of 9.3 (Critical), with the vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

CVE-2025-22225: Arbitrary Kernel Write Leading to Sandbox Escape

  • Description: VMware ESXi contains an arbitrary write vulnerability. This issue allows a malicious actor with privileges within the VMX process to trigger arbitrary kernel writes.
  • Impact: Exploitation of this vulnerability can lead to a sandbox escape, allowing the attacker to execute code outside the confined virtual environment and potentially compromise the host system.
  • Severity: This vulnerability has been assigned a CVSS v3.1 base score of 8.2 (High), with the vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

CVE-2025-22226: Out-of-Bounds Read in HGFS Leading to Information Disclosure

  • Description: VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in the Host Guest File System (HGFS).
  • Impact: A malicious actor with administrative privileges to a virtual machine may exploit this issue to leak memory from the VMX process. This could result in the exposure of sensitive information from the host system.
  • Severity: This vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High), with the vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N.

Affected Systems

The vulnerabilities impact the following VMware products:

Product                     | Affected Versions
----------------------------|---------------------------------
VMware ESXi                 | Versions 7.0 and 8.0
VMware Workstation          | Version 17.x
VMware Fusion               | Version 13.x
VMware Cloud Foundation     | Versions 4.x and 5.x
VMware Telco Cloud Platform | Versions 2.x, 3.x, 4.x, and 5.x

Solution

To mitigate these vulnerabilities, users and administrators should apply the patches provided by VMware:

Product                      | Fixes
-----------------------------|------------------------------------------------------
VMware ESXi 8.0              | Update to ESXi80U3d-24585383 or ESXi80U2d-24585300
VMware ESXi 7.0              | Update to ESXi70U3s-24585291
VMware Workstation 17.x      | Update to version 17.6.3
VMware Fusion 13.x           | Update to version 13.6.3
VMware Cloud Foundation 5.x  | Apply the asynchronous patch to ESXi80U3d-24585383
VMware Cloud Foundation 4.x  | Apply the asynchronous patch to ESXi70U3s-24585291
VMware Telco Cloud Platform  | Apply the respective patches as per the ESXi versions
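To verify that an ESXi host has actually reached one of the fixed builds above, here is an added example (not from the original post, and not a VMware or SaneNow tool) that parses the output of `vmware -v` and compares the build number against the fixed build for that host's release line. It assumes the usual `VMware ESXi 8.0.3 build-NNNNNNNN` output format and that 7.0.3, 8.0.2 and 8.0.3 correspond to 7.0 U3, 8.0 U2 and 8.0 U3; the sample inventory and its non-fixed build numbers are constructed.

```python
import re
from typing import Dict, Tuple

# Minimum fixed build per ESXi release line, taken from the fix table above.
# Keys are the "major.minor.update" strings that `vmware -v` reports
# (assumption: 7.0.3 = 7.0 U3, 8.0.2 = 8.0 U2, 8.0.3 = 8.0 U3).
FIXED_BUILDS: Dict[str, int] = {
    "8.0.3": 24585383,  # ESXi80U3d-24585383
    "8.0.2": 24585300,  # ESXi80U2d-24585300
    "7.0.3": 24585291,  # ESXi70U3s-24585291
}

# `vmware -v` on ESXi prints a line such as "VMware ESXi 8.0.3 build-24585383".
_VERSION_RE = re.compile(r"VMware ESXi (\d+\.\d+\.\d+) build-(\d+)")


def parse_vmware_v(output: str) -> Tuple[str, int]:
    """Return (release_line, build_number) parsed from `vmware -v` output."""
    match = _VERSION_RE.search(output)
    if match is None:
        raise ValueError(f"unrecognised version string: {output!r}")
    return match.group(1), int(match.group(2))


def assess_esxi(output: str) -> str:
    """Classify one host as "patched", "vulnerable", or "not in fix table".

    The comparison is done per release line on purpose: ESXi build numbers
    rise globally across branches, so the 8.0 U2d build (24585300) is lower
    than the 8.0 U3d build (24585383). A raw "build >= 24585300" check would
    wrongly pass an unpatched 8.0 U3 host.
    """
    release_line, build = parse_vmware_v(output)
    fixed = FIXED_BUILDS.get(release_line)
    if fixed is None:
        return "not in fix table"  # e.g. 8.0 GA/U1: move to a listed update line
    return "patched" if build >= fixed else "vulnerable"


def assess_inventory(hosts: Dict[str, str]) -> Dict[str, str]:
    """Run the check over a mapping of hostname -> `vmware -v` output."""
    return {name: assess_esxi(out) for name, out in hosts.items()}


if __name__ == "__main__":
    sample = {  # constructed inventory; non-fixed build numbers are made up
        "esx-01": "VMware ESXi 8.0.3 build-24585383",
        "esx-02": "VMware ESXi 8.0.3 build-24585300",  # high build, still unpatched on U3
        "esx-03": "VMware ESXi 8.0.2 build-24585300",
        "esx-04": "VMware ESXi 7.0.3 build-20000000",
        "esx-05": "VMware ESXi 8.0.1 build-22000000",
    }
    for host, verdict in assess_inventory(sample).items():
        print(f"{host}: {verdict}")
```

Collect the `vmware -v` line from each host over your normal management channel and feed it to `assess_inventory`; anything other than "patched" needs the update from the table.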

Instantly Fix Risks with SanerNow Patch Management

SanerNow patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. SanerNow patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here.