Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks

Summary: Recent scans have revealed that tens of thousands of VMware ESXi instances are vulnerable to three disclosed zero-day vulnerabilities tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226. These vulnerabilities allow attackers with elevated privileges to perform VM escapes and gain access to sensitive data. VMware has released patches, and the cybersecurity agency CISA has added these flaws to its Known Exploited Vulnerabilities catalog due to their severity.

Affected: VMware ESXi instances

Key points:

  • Tens of thousands of ESXi instances are vulnerable to the recently disclosed zero-days.
  • Exploitation can lead to arbitrary code execution, memory leaks, and VM escape.
  • Both Broadcom and Microsoft have noted the risks, with Microsoft credited for reporting the vulnerabilities.
  • CISA has added these flaws to its KEV catalog, underlining their critical nature.
  • Reports indicate over 41,000 vulnerable ESXi instances, predominantly located in several countries.
  • Technical details for the vulnerabilities are currently lacking, delaying broader exploitation.
  • Attackers can leverage ESXi access to bypass security measures and access vital databases.
  • An exploit for ESXi VM escape has been offered for sale, though its authenticity remains uncertain.

Source: https://www.securityweek.com/exploited-vmware-esxi-flaws-put-many-at-risk-of-ransomware-other-attacks/