Summary: Broadcom has issued a warning regarding three critical zero-day vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) affecting various VMware products. These vulnerabilities allow attackers with privileged access to escape the virtual machine’s sandbox and potentially compromise the hypervisor. Exploitation of these flaws has already been observed in active attacks, raising concerns for enterprise security.
Affected: VMware ESX products (including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, Telco Cloud Platform)
Key points:
- Vulnerabilities enable privileged users to escalate access from a compromised VM to the hypervisor.
- CVE-2025-22224 is a heap overflow vulnerability allowing execution of code on the host.
- CVE-2025-22225 allows for arbitrary kernel writes, leading to potential sandbox escape.
- CVE-2025-22226 is an information disclosure vulnerability that exposes sensitive information from the VMX process to those with admin rights.
- Similar VMware vulnerabilities have been targeted by ransomware gangs and state-sponsored hackers, indicating a heightened risk for enterprises.