Out-of-Bounds Write Vulnerability in VMware ESXi and Workstation Products
CVE-2025-22224
Key Information:
- Vendor
Vmware
- Vendor
- CVE Published:
- 4 March 2025
Badges
What is CVE-2025-22224?
CVE-2025-22224 is a vulnerability affecting VMware ESXi and Workstation products, which are widely used for virtualization, allowing users to run multiple operating systems on a single physical machine. This particular vulnerability involves an out-of-bounds write issue due to a Time-of-Check Time-of-Use (TOCTOU) flaw, which could enable an attacker with local administrative privileges on a virtual machine to execute arbitrary code in the context of the VMX process on the host. Such exploitation could lead to significant security risks for organizations by compromising the integrity of their virtualized environments.
Technical Details
The vulnerability arises from a timing-related problem in the way the software checks conditions before acting on them. This flaw allows for manipulation of memory operations that occur outside of the allocated buffer, putting the system at risk of unintentional data manipulation. Administrators looking to secure their virtual environments must understand that local access can escalate to higher privileges, potentially compromising the entire host system.
Potential Impact of CVE-2025-22224
-
Code Execution: Attackers can execute arbitrary code on the host system, which might lead to unauthorized access and control over virtual machines running critical applications.
-
Data Compromise: The exploitation of this vulnerability could enable attackers to access, modify, or delete sensitive data within the virtual environment, leading to data breaches and loss of confidentiality.
-
System Stability: As the vulnerability allows for unintended memory manipulation, it could potentially disrupt the stability of the host system, impacting overall performance and availability of virtual machines, affecting business operations.
CISA has reported CVE-2025-22224
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-22224 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
ESXi 8.0
ESXi 8.0
ESXi 7.0
News Articles
Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure
Analysis of a recent attack targeting VMware ESXi vulnerabilities from March 2025 revealed an exploit developed a year before disclosure.
3 weeks ago
Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure
Analysis of a recent attack targeting VMware ESXi vulnerabilities from March 2025 revealed an exploit developed a year before disclosure.
3 weeks ago
BornCityCVE-2025-22224Over 37,000 VMware ESXi servers vulnerable via CVE-2025-22224 | Born's Tech and Windows World
[German]This week, VMware by Broadcom has released security updates for various products, including VMware ESXi servers, to close security gaps. One vulnerability has already been exploited as a 0-day. Now...
References
EPSS Score
57% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π₯
Vulnerability reached the number 1 worldwide trending spot
- π
Vulnerability started trending
- π°
Used in Ransomware
- πΎ
Exploit known to exist
- π¦
CISA Reported
- π°
First article discovered by CybersecurityNews
Vulnerability published
Vulnerability Reserved