Arbitrary Write Vulnerability in VMware ESXi
CVE-2025-22225
Key Information:
- Vendor: VMware
- Status: Vendor
- CVE Published: 4 March 2025
Summary
VMware ESXi is affected by an arbitrary write vulnerability that can be exploited by a malicious actor with privileges in the VMX process. This vulnerability could lead to unauthorized write access to the kernel, potentially allowing the attacker to escape the sandbox environment, compromising the security of the host system. Users are advised to apply relevant patches and follow best security practices to mitigate the risk.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
VMware Cloud Foundation 5.x, 4.5.x
VMware ESXi 8.0
News Articles
VMware Vulnerabilities Exploited Actively to Bypass Security Controls & Deploy Ransomware
A surge of ransomware attacks leveraging critical VMware virtualization vulnerabilities has triggered global alerts. Threat actors exploit flaws in ESXi, Workstation, and Fusion products to paralyze enterprise infrastructures.
2 weeks ago
CISA Updates Known Exploited Vulnerabilities Catalog
CISA updates the Known Exploited Vulnerabilities Catalog with 4 critical flaws in Linux and VMware. Quick patching is crucial to mitigate active cyber threats.
1 month ago
EPSS Score
8% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- First article discovered by SC Media
- Exploit known to exist
- CISA Reported
- Vulnerability published
- Vulnerability Reserved