CISA, VMware warn of new vulnerabilities being exploited by hackers

Summary: Federal civilian agencies must resolve three critical vulnerabilities in VMware products within three weeks, as these flaws have been confirmed to be actively exploited by hackers. The vulnerabilities, particularly CVE-2025-22224, have a high severity score and require immediate action to patch. VMware has advised customers to apply updates and has stated that existing defenses may help mitigate the risk, though there is no workaround that avoids applying an update.

Affected: VMware products (ESXi, Workstation, Fusion)

Key points:

  • Federal agencies have until March 25 to patch three serious vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) in VMware products.
  • CVE-2025-22224 poses the highest risk, allowing attackers with admin access to execute code on the host system and control other VMs.
  • All customers are urged to apply vendor-supplied fixes quickly, as the vulnerabilities are being actively exploited by cybercriminals and state-sponsored actors.

Source: https://therecord.media/vmware-exploited-vulnerabilities-esxi-workstation-fusion