Summary: Broadcom has released security updates for three significant vulnerabilities in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure. These vulnerabilities are actively being exploited, highlighting the urgency for users to apply the latest patches. Key vulnerabilities include a TOCTOU vulnerability with a CVSS score of 9.3, an arbitrary write vulnerability, and an information disclosure flaw.
Affected: VMware ESXi, Workstation, Fusion, and related products
Keypoints:
- CVE-2025-22224: TOCTOU vulnerability leading to out-of-bounds write (CVSS 9.3)
- CVE-2025-22225: Arbitrary write vulnerability within the VMX process (CVSS 8.2)
- CVE-2025-22226: Information disclosure vulnerability due to out-of-bounds read in HGFS (CVSS 7.1)
- Impacted versions include VMware ESXi 8.0, 7.0, Workstation 17.x, Fusion 13.x, and various Cloud Foundation and Telco Cloud products.
- Broadcom has indicated that these vulnerabilities may have been exploited in the wild.
- Users are strongly urged to apply the latest patches without delay.
Source: https://thehackernews.com/2025/03/vmware-security-flaws-exploited-in.html