CVE-2025-22224

Published Mar 4, 2025

Last updated a month ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-22224 is a critical vulnerability affecting VMware ESXi and Workstation products. It's a time-of-check to time-of-use (TOCTOU) race condition flaw that can lead to an out-of-bounds write within the VMCI (Virtual Machine Communication Interface). An attacker with local administrator privileges on a virtual machine can exploit this vulnerability to execute code as the virtual machine's VMX process running on the host. This vulnerability allows attackers to escalate privileges from a compromised virtual machine to the underlying host system. Successful exploitation could grant the attacker control over the entire ESXi host, potentially impacting other virtual machines running on the same server. This vulnerability is known to be actively exploited in the wild.

Description: VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Source: security@vmware.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.2
Impact score: 6
Exploitability score: 1.5
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
Exploit added on: Mar 4, 2025
Exploit action due: Mar 25, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: CWE-367
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-367

Social media

Hype score: Not currently trending
  1. #Vulnerability #CVE202522224 CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Critical VMware Vulnerabilities Exploited https://t.co/mer0g3Dson

    @Komodosec

    11 Apr 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    4 Apr 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    3 Apr 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    2 Apr 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    2 Apr 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    2 Apr 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    31 Mar 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

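  8. >CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 They have the capability to leverage multiple vulnerabilities to compromise targets, or rather, they presumably also have a lab at their base for testing attacks.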

    @ETomatot24044

    31 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Critical VMware vulnerabilities patched (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) - one actively exploited. ESXi, Workstation, Fusion at risk. Requires local admin access but can lead to code execution & sandbox escape. Patch now! https://t.co/2Z3nv9MVl9

    @RedTeamNewsBlog

    24 Mar 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

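  10. Ransomware attacks exploiting critical vulnerabilities in VMware products (CVE-2025-22224 and others) are occurring frequently around the world. Attackers break into virtualization infrastructure such as ESXi, escalate privileges and steal credentials, and encrypt all of the VMs.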

    @yousukezan

    22 Mar 2025

    14981 Impressions

    114 Retweets

    205 Likes

    57 Bookmarks

    0 Replies

    4 Quotes

  11. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    19 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Recent #VMware vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) pose a critical threat, allowing attackers to escape compromised VMs and seize control of the hypervisor. The active exploitation of these flaws has made this risk more severe than ever, with… https:/

    @sygnia_labs

    19 Mar 2025

    93 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    18 Mar 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. 3 critical vulnerabilities in VMware: real risks and urgent updates. On March 4, Broadcom released emergency updates to address 3 critical vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) affecting ESXi, Workstation and Fusion. One of these vulnerabilities (CVE-2025-22224) has been actively exploited and allows attackers to escape…

    @KasperskyKSA

    18 Mar 2025

    200 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    17 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. Three VMware Vulnerabilities: Key Risks and Urgent Patches On March 4, Broadcom released emergency updates for three critical VMware vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) affecting ESXi, Workstation, and Fusion. At least one (CVE-2025-22224) has been…

    @KasperskyKSA

    17 Mar 2025

    172 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    16 Mar 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    15 Mar 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. VMware three vulnerabilities CVE-2025-22224, CVE-2025-22225, CVE-2025-22226. hackers are back in business.

    @XiaoChuStudio

    15 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    15 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/vW1vyg6OAh https://t.co/giNB4ixH3n

    @NickBla41002745

    14 Mar 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Tech alert: Critical VMware vulnerabilities are putting systems at risk! Discover how CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 could impact ESXi, Workstation, and more. Protect your data now! Read the advisory for more. https://t.co/5cS5XkWqLH #CyberSecurity https://t

    @sequretek_sqtk

    14 Mar 2025

    31 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  23. VMware Patches 3 Zero-Day Vulnerabilities After Active Exploitation ⚠️ https://t.co/9vjyWHCndI Broadcom has addressed three zero-day vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) in #VMware ESXi, Workstation, and Fusion, following reports of active… https://

    @Huntio

    13 Mar 2025

    84 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. On March 4th, Broadcom released patches for vulnerabilities affecting VMware products: CVE-2025-22224, CVE-2025-22225, CVE-2025-22226. Check out the details here: https://t.co/19v4hvhMGt

    @redhataugust

    12 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 📣Critical Security Alert: VMware has issued a critical security alert for vulnerabilities in ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Infrastructure. These threats (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) are being exploited. Protect your systems now…

    @Helient

    11 Mar 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/KuDnAIxELh https://t.co/p0B8PSF0f0

    @NickBla41002745

    11 Mar 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Over 40,400 VMware ESXi instances are vulnerable to CVE-2025-22224. CVE-2025-22224 is a critical out-of-bounds write flaw that is being actively exploited. #Brazil, #USA, #Europe, #VMware, #ESXi, #Broadcom, #Hypervisor, #Cybersecurity. Learn more here: https://t.co/u32QNALHEC http

    @kingops3c

    11 Mar 2025

    61 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    11 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  29. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    10 Mar 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. Over 37,000 VMware ESXi servers vulnerable to ongoing attacks Internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild https://t.co/NLIS2dQ3FT https://t.co/oeGtT23y7e

    @actisoft_tech

    10 Mar 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/4Y9SjCmopV https://t.co/gUIjoFz9hV

    @NickBla41002745

    10 Mar 2025

    64 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    10 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  33. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/7l0O8zkKm0 https://t.co/1oo0hqYi9x

    @dansantanna

    9 Mar 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    9 Mar 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  35. OMG, VMware's got 3 actively exploited zero-days (CVE-2025-22224, etc)! Admin access on a VM could let attackers OWN the hypervisor. Patch NOW or your whole virtual world could crumble! https://t.co/vjJ4Nn5uX8

    @fin_tech_news_

    8 Mar 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. #VMware #Vulnerability #CyberSecurity https://t.co/fMd47rpvYn

    @YourAnonRiots

    7 Mar 2025

    247 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/yHNLeIwmrS https://t.co/ZzTq5oioIf

    @secured_cyber

    7 Mar 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    7 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  39. Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. https://t.co/SkHX1G2ckU

    @AbubakarMundir

    7 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  40. 🚨CVE-2025-22224 (CVSS 9.3 CRITICAL) Is your organization internet facing servers one of the 37,000 VMware ESXi servers vulnerable to ongoing attacks ? https://t.co/KF4HBSKnyi KQL to check internet facing VMware servers & prioritize your patching today! https://t.co/ukjc2Tz

    @0x534c

    7 Mar 2025

    1477 Impressions

    2 Retweets

    22 Likes

    15 Bookmarks

    0 Replies

    0 Quotes

  41. Over 37,000 VMware ESXi servers vulnerable to ongoing attacks https://t.co/60tLwPElOc #VMwareEsxi CVE-2025-22224

    @PratikSingh_

    7 Mar 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. VMware Zero-Day Vulnerabilities Detailed #VMware #CVE-2025-22224 #CVE-2025-22225 #CVE-2025-22226 https://t.co/1pZqaRAqeq

    @pravin_karthik

    7 Mar 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    7 Mar 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

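  44. 37,000 VMware ESXi instances on the internet are affected by CVE-2025-22224. This vulnerability allows a local attacker with administrator privileges on a virtual machine to execute code on the host. It has been announced that it is already being used in zero-day attacks. https://t.co/jFdfWFcKIg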

    @yousukezan

    6 Mar 2025

    2017 Impressions

    2 Retweets

    17 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  45. 🔴 More than 37,000 VMware ESXi servers exposed to the Internet are vulnerable to a critical out-of-bounds write flaw (CVE-2025-22224). This massive exposure is being reported by the threat monitoring platform The Shadowserver Foundation. 🧉 https://t.co/g

    @MarquisioX

    6 Mar 2025

    103 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  46. More than 37,000 internet-exposed VMware ESXi instances are vulnerable to the critical out-of-bounds write CVE-2025-22224. Reported by the ShadowServer Foundation. The vulnerability is already being exploited. https://t.co/m5M1AvGtD6

    @__kokumoto

    6 Mar 2025

    1807 Impressions

    8 Retweets

    20 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  47. 41,000+ VMware ESXi Servers at RISK Hackers can exploit three zero-days (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) for VM escapes & hypervisor takeover—potential ransomware attacks incoming! Patch NOW! https://t.co/y9omKLLPv2 #VMware #CyberSecurity #Ransomware #Inf

    @dCypherIO

    6 Mar 2025

    118 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  48. Broadcom issued a security advisory for 3 zero-day vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) in #ESXi, Workstation, and Fusion, already being exploited in the wild. #VirtualPatching is a technique you can leverage to defend against zero-day attacks like…

    @vali_cyber

    6 Mar 2025

    109 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Over 37,000 VMware ESXi servers are vulnerable to attacks due to CVE-2025-22224. While 4,500 have been patched, many remain at risk. CISA sets a deadline of March 25, 2025. 🚨🖥️ #VMware #CISA #USA link: https://t.co/9HM6U3Kf9d https://t.co/uAgk57n2eg

    @TweetThreatNews

    6 Mar 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Over 37,000 VMware ESXi servers are at risk due to a critical vulnerability, CVE-2025-22224, currently being exploited. Protect your systems by understanding the implications and potential mitigation strategies. Read more about this urgent issue at https://t.co/cRoTNJENxi.

    @trubetech

    6 Mar 2025

    47 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations