Information Disclosure Vulnerability in VMware ESXi, Workstation, and Fusion
CVE-2025-22226
Key Information:
- Vendor: VMware
- Vendor advisory: VMSA-2025-0004
- CVE Published: 4 March 2025
What is CVE-2025-22226?
CVE-2025-22226 is an information disclosure vulnerability in VMware ESXi, Workstation, and Fusion, the virtualization platforms widely used in enterprise environments to run and manage multiple virtual machines on one physical host. The flaw is an out-of-bounds read in the HGFS (Host-Guest File System) component, the file-sharing channel between a guest and its host that VMware Tools uses (shared folders on Workstation and Fusion). An attacker who already holds administrative privileges inside a guest virtual machine can trigger the read to leak memory from the vmx process, the host-side process that backs that VM. Because vmx runs on the hypervisor host rather than inside the guest, this is a guest-to-host disclosure: the leaked bytes can include data the guest was never meant to see, as well as heap layout and code pointers that make a separate memory-corruption bug in vmx far easier to exploit reliably. The bug on its own gives no write access or code execution on the host, but it crosses the virtualization trust boundary, so affected builds should be patched promptly.
Potential impact of CVE-2025-22226
- Data Leakage: Reading memory out of the vmx process can expose material held on the host side of the VM, such as credentials, application data and configuration details, which an attacker can reuse for further access to critical systems.
- Weakened Virtual Machine Isolation: An out-of-bounds read cannot modify the host by itself, but what it leaks (addresses, heap layout, pointer values) is exactly what an attacker needs to turn a separate memory-corruption bug in the same vmx process into a reliable guest-to-host escape. Treat the disclosure as a stepping stone rather than an end state.
- Increased Attack Surface: Intelligence gathered from the host side of a VM supports follow-on attacks against the rest of the environment, including lateral movement to other systems and exploitation of further weaknesses in the virtualization stack.
CISA has listed CVE-2025-22226 as exploited
CISA, the US Cybersecurity and Infrastructure Security Agency, maintains the Known Exploited Vulnerabilities catalog of flaws confirmed to be exploited in the wild. It has added CVE-2025-22226 to that catalog as actively exploited, but has not so far reported it being used in ransomware campaigns. That status can change quickly.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
ESXi 8.0
ESXi 7.0
Workstation 17.x
Fusion 13.x
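To act on the affected-version list above, here is an added example script, written for this page rather than taken from VMware or CISA tooling, that triages ESXi hosts by parsing the first line of `vmware -vl` output collected from each host and comparing the build number against the first fixed build of that host's release train. The fixed-build table is an assumption based on the editor's recollection of VMSA-2025-0004 and must be confirmed against the current advisory before use; the host names and version strings are constructed sample data. The per-train lookup matters because ESXi build numbers are one global counter, so a bare "build greater than N" test would misclassify a host on a different update level.

```python
import re

# First fixed build for each ESXi release train named in VMSA-2025-0004.
# ASSUMPTION: these values are the editor's recollection of the advisory;
# confirm them against the advisory before relying on this script.
FIXED_BUILDS = {
    ("7.0", 3): 24585291,  # ESXi 7.0 Update 3s
    ("8.0", 2): 24585300,  # ESXi 8.0 Update 2d
    ("8.0", 3): 24585383,  # ESXi 8.0 Update 3d
}

# First line of `vmware -vl` on ESXi, e.g. "VMware ESXi 8.0.3 build-24022510".
VERSION_RE = re.compile(r"VMware ESXi (\d+\.\d+)\.(\d+) build-(\d+)")


def parse_vmware_vl(output):
    """Return (train, update, build) from `vmware -vl` output.

    '8.0.3' means release train 8.0, Update 3; the build is the global
    ESXi build counter, which only orders hosts within the same train.
    """
    m = VERSION_RE.search(output)
    if m is None:
        raise ValueError("unrecognised version string: %r" % output)
    return m.group(1), int(m.group(2)), int(m.group(3))


def assess(output):
    """Classify one host as 'patched', 'vulnerable' or 'unknown'."""
    train, update, build = parse_vmware_vl(output)
    fixed = FIXED_BUILDS.get((train, update))
    if fixed is None:
        # Train or update level not in the table (for example an older
        # update that received no fix): needs manual review, not a silent pass.
        return "unknown"
    return "patched" if build >= fixed else "vulnerable"


def triage(outputs_by_host):
    """Map each host name to its assessment; malformed output is 'unknown'."""
    result = {}
    for host, output in outputs_by_host.items():
        try:
            result[host] = assess(output)
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample data standing in for `vmware -vl` collected over SSH;
# host names and build numbers are illustrative, not a real inventory.
SAMPLE_OUTPUTS = {
    "esx01": "VMware ESXi 8.0.3 build-24022510\nVMware ESXi 8.0 Update 3\n",
    "esx02": "VMware ESXi 8.0.3 build-24585383\nVMware ESXi 8.0 Update 3\n",
    "esx03": "VMware ESXi 7.0.3 build-23794027\nVMware ESXi 7.0 Update 3\n",
    "esx04": "VMware ESXi 8.0.1 build-21495797\nVMware ESXi 8.0 Update 1\n",
    "esx05": "ssh: connect to host esx05 port 22: Connection timed out\n",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_OUTPUTS).items()):
        print("%-6s %s" % (host, status))
```

Feed it the real `vmware -vl` output gathered per host (for example over SSH, or the equivalent version fields exported from vCenter), and review every host that lands in the "unknown" bucket by hand rather than treating it as safe. Workstation and Fusion installs use different version strings and need their own check against the advisory's fixed releases.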
References
VMware Security Advisory VMSA-2025-0004
CISA Known Exploited Vulnerabilities catalog entry for CVE-2025-22226
CVSS V3.1
7.1 (High), as scored by VMware
Timeline
- Vulnerability started trending
- Exploit known to exist
- CISA reported
- Vulnerability published (4 March 2025)
- Vulnerability reserved