Source: The Hacker News
Author: info@thehackernews.com (The Hacker News)
URL: https://thehackernews.com/2025/03/vmware-security-flaws-exploited-in.html

ONE SENTENCE SUMMARY: Broadcom released security updates for actively exploited VMware ESXi, Workstation, and Fusion vulnerabilities that enable code execution and data leaks.

MAIN POINTS:
- Broadcom patched three VMware security flaws actively exploited in the wild.
- CVE-2025-22224 allows code execution via a TOCTOU vulnerability with a CVSS score of 9.3.
- CVE-2025-22225 enables sandbox escape through an arbitrary write flaw with a CVSS score of 8.2.
- CVE-2025-22226 causes information disclosure via an out-of-bounds read with a CVSS score of 7.1.
- Affected products include VMware ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform.
- Fixed versions include ESXi 7.0U3s, ESXi 8.0U3d, Workstation 17.6.3, and Fusion 13.6.3.
- Microsoft Threat Intelligence Center discovered and reported these vulnerabilities.
- Broadcom confirmed real-world exploitation but did not disclose attack details or threat actor identities.
- Users are urged to apply patches immediately for protection against active threats.
- The vulnerabilities impact virtual machine security, potentially compromising host systems.

TAKEAWAYS:
- Organizations using VMware products must urgently apply the latest security patches.
- Exploited vulnerabilities pose significant risks, including code execution and data leaks.
- Microsoft played a key role in identifying and reporting these security flaws.
- Broadcom acknowledged real-world exploitation but withheld specific attack details.
- Keeping virtualization infrastructure updated is crucial to mitigating security risks.