
VMware Security Advisory (VMSA-2025-0004)


Service Advisory 


Broadcom has published a critical security advisory (VMSA-2025-0004) to address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) identified in VMware ESXi, VMware Workstation and VMware Cloud Foundation Server. If exploited, these vulnerabilities could result in data breaches, system compromise and unauthorized access. There are reports of these vulnerabilities being exploited in the wild.


Severity level 

CVSS Score: 7.1 – 9.3 (High to Critical)


Description 
CVE-2025-22224 is a critical-severity VMCI heap overflow vulnerability that enables local attackers with administrative privileges on the targeted VM to execute code as the VMX process running on the host. CVE-2025-22225 is an ESXi arbitrary write vulnerability that allows the VMX process to trigger arbitrary kernel writes, leading to a sandbox escape, while CVE-2025-22226 is described as an HGFS information-disclosure flaw that lets threat actors with admin permissions leak memory from the VMX process.

Affected Versions 

VMware ESXi – versions 8.0 and 7.0

VMware Workstation – version 17.x

VMware Fusion – version 13.x

VMware Cloud Foundation – versions 5.x and 4.5.x

VMware Telco Cloud Platform – versions 5.x, 4.x, 3.x, 2.x

VMware Telco Cloud Infrastructure – versions 3.x, 2.x

Impact 

An attacker could exploit these vulnerabilities to gain access to the virtualized infrastructure.


Resolution 

Please apply the patches listed in the vendor advisory.


Reference 

https://www.cyber.gc.ca/en/alerts-advisories/vmware-security-advisory-av25-114

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

https://www.bleepingcomputer.com/news/security/broadcom-fixes-three-vmware-zero-days-exploited-in-attacks/

vcf-security-and-compliance-guidelines/security-advisories/vmsa-2025-0004 at main · vmware/vcf-security-and-compliance-guidelines · GitHub


UIT Information Security

Contact

IT Client Services at askIT@yorku.ca or 416 736 5800


PRIVACY POLICY | VISIT WWW.YORKU.CA
This email was sent by: York University, 4700 Keele Street, Toronto, Ontario M3J 1P3
