Arbitrary Write Vulnerability in VMware ESXi
CVE-2025-22225
Key Information:
- Vendor: VMware
- Status
- Vendor
- CVE Published: 4 March 2025
What is CVE-2025-22225?
VMware ESXi is affected by an arbitrary write vulnerability that can be exploited by a malicious actor with privileges in the VMX process. This vulnerability could lead to unauthorized write access to the kernel, potentially allowing the attacker to escape the sandbox environment, compromising the security of the host system. Users are advised to apply relevant patches and follow best security practices to mitigate the risk.
CISA has reported CVE-2025-22225
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-22225 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
VMware Cloud Foundation 5.x, 4.5.x
VMware ESXi 8.0
News Articles
0-day vulnerabilities in VMWare ESXi, Workstation and Fusion | Born's Tech and Windows World
[German] As of March 4, 2025, VMware by Broadcom has published a security advisory to warn of three zero-day vulnerabilities (CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226) that have already been exploited...
4 days ago
VMware ESXi and vCenter Flaw Enables Arbitrary Command Execution
Now a Broadcom company, VMware has released urgent security updates to address several high-severity vulnerabilities
References
CVSS V3.1
Timeline
- 👾 Exploit known to exist
- 🦅 CISA Reported
- 📰 First article discovered by SC Media
- Vulnerability published
- Vulnerability Reserved