Multiple Vulnerabilities in VMware Products
26 March 2025
VMware has released security updates to address multiple vulnerabilities affecting its ESXi, Workstation and Fusion products. Users and administrators of affected product versions are advised to update to the latest versions immediately.
VMware has released security updates to address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) affecting its ESXi, Workstation and Fusion products. These vulnerabilities are reportedly being exploited in ransomware attacks globally.
The vulnerabilities are:
- CVE-2025-22224: Successful exploitation of a Time-of-Check Time-of-Use (TOCTOU) vulnerability could result in an out-of-bounds write, enabling an attacker with local administrative privileges on a virtual machine to execute arbitrary code as part of the virtual machine's Virtual Machine eXecutable (VMX) process on the host.
- CVE-2025-22225: Successful exploitation of an arbitrary write vulnerability could allow an attacker with privileges within the VMX process to escape the virtual machine's sandbox and execute code on the host, potentially leading to a broader system compromise.
- CVE-2025-22226: Successful exploitation of an out-of-bounds read vulnerability in HGFS could allow an attacker with administrative privileges on a virtual machine to leak memory from the VMX process, potentially exposing sensitive information.
The three vulnerabilities can be exploited in a chain to allow attackers to break out of a compromised VM and take control of the underlying hypervisor. This could lead to a full ESXi and vCenter compromise, enabling adversaries to bypass security controls, move laterally to other servers/endpoints, and deploy ransomware across the compromised network in a corporate environment.
The vulnerabilities affect the following product versions:
- VMware ESXi versions 7.0 and 8.0
- VMware Workstation versions 17.x
- VMware Fusion versions 13.x
- VMware Cloud Foundation versions 4.x and 5.x
- VMware Telco Cloud Platform versions 2.x to 5.x
- VMware Telco Cloud Infrastructure versions 2.x and 3.x
Users and administrators of affected product versions are advised to update to the latest versions immediately.
More information is available here:
https://cybersecuritynews.com/vmware-vulnerabilities-exploited-ransomware/
https://nvd.nist.gov/vuln/detail/CVE-2025-22224
https://nvd.nist.gov/vuln/detail/CVE-2025-22225
https://nvd.nist.gov/vuln/detail/CVE-2025-22226