CVE-2025-22224

Published Mar 4, 2025

Last updated 19 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-22224 is a critical vulnerability affecting VMware ESXi and Workstation products. It's a time-of-check to time-of-use (TOCTOU) race condition flaw that can lead to an out-of-bounds write within the VMCI (Virtual Machine Communication Interface). An attacker with local administrator privileges on a virtual machine can exploit this vulnerability to execute code as the virtual machine's VMX process running on the host. This vulnerability allows attackers to escalate privileges from a compromised virtual machine to the underlying host system. Successful exploitation could grant the attacker control over the entire ESXi host, potentially impacting other virtual machines running on the same server. This vulnerability is known to be actively exploited in the wild.

Description: VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Source: security@vmware.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.2
Impact score: 6
Exploitability score: 1.5
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
Exploit added on: Mar 4, 2025
Exploit action due: Mar 25, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: CWE-367
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-367

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

5

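  1. Ransomware attacks exploiting critical vulnerabilities in VMware products (CVE-2025-22224 and others) are occurring frequently around the world. Attackers break into virtualization infrastructure such as ESXi, escalate privileges and steal credentials, and encrypt entire VMs.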

    @yousukezan

    22 Mar 2025

    14981 Impressions

    114 Retweets

    205 Likes

    57 Bookmarks

    0 Replies

    4 Quotes

  2. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    19 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Recent #VMware vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) pose a critical threat, allowing attackers to escape compromised VMs and seize control of the hypervisor. The active exploitation of these flaws has made this risk more severe than ever, with… https:/

    @sygnia_labs

    19 Mar 2025

    93 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    18 Mar 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. 3 serious vulnerabilities in VMware: real risks and urgent updates. On March 4, Broadcom released emergency updates to address 3 serious vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) affecting ESXi, Workstation and Fusion. One of these vulnerabilities (CVE-2025-22224) has actually been exploited and allows attackers to escape…

    @KasperskyKSA

    18 Mar 2025

    200 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    17 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Three VMware Vulnerabilities: Key Risks and Urgent Patches On March 4, Broadcom released emergency updates for three critical VMware vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) affecting ESXi, Workstation, and Fusion. At least one (CVE-2025-22224) has been…

    @KasperskyKSA

    17 Mar 2025

    172 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    16 Mar 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    15 Mar 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. VMware three vulnerabilities CVE-2025-22224, CVE-2025-22225, CVE-2025-22226. hackers are back in business.

    @XiaoChuStudio

    15 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    15 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/vW1vyg6OAh https://t.co/giNB4ixH3n

    @NickBla41002745

    14 Mar 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Tech alert: Critical VMware vulnerabilities are putting systems at risk! Discover how CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 could impact ESXi, Workstation, and more. Protect your data now! Read the advisory for more. https://t.co/5cS5XkWqLH #CyberSecurity https://t

    @sequretek_sqtk

    14 Mar 2025

    31 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. VMware Patches 3 Zero-Day Vulnerabilities After Active Exploitation ⚠️ https://t.co/9vjyWHCndI Broadcom has addressed three zero-day vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) in #VMware ESXi, Workstation, and Fusion, following reports of active… https://

    @Huntio

    13 Mar 2025

    84 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. On March 4th, Broadcom released patches for vulnerabilities affecting VMware products: CVE-2025-22224, CVE-2025-22225, CVE-2025-22226. Check out the details here: https://t.co/19v4hvhMGt

    @redhataugust

    12 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 📣Critical Security Alert: VMware has issued a critical security alert for vulnerabilities in ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Infrastructure. These threats (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) are being exploited. Protect your systems now…

    @Helient

    11 Mar 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/KuDnAIxELh https://t.co/p0B8PSF0f0

    @NickBla41002745

    11 Mar 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Over 40,400 VMware ESXi instances are vulnerable to CVE-2025-22224. CVE-2025-22224 is a critical out-of-bounds write flaw that is being actively exploited. #Brazil, #USA, #Europe, #VMware, #ESXi, #Broadcom, #Hypervisor, #Cybersecurity. Learn more here: https://t.co/u32QNALHEC http

    @kingops3c

    11 Mar 2025

    61 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    11 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    10 Mar 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. Over 37,000 VMware ESXi servers vulnerable to ongoing attacks Internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild https://t.co/NLIS2dQ3FT https://t.co/oeGtT23y7e

    @actisoft_tech

    10 Mar 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/4Y9SjCmopV https://t.co/gUIjoFz9hV

    @NickBla41002745

    10 Mar 2025

    64 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    10 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  24. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/7l0O8zkKm0 https://t.co/1oo0hqYi9x

    @dansantanna

    9 Mar 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    9 Mar 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. OMG, VMware's got 3 actively exploited zero-days (CVE-2025-22224, etc)! Admin access on a VM could let attackers OWN the hypervisor. Patch NOW or your whole virtual world could crumble! https://t.co/vjJ4Nn5uX8

    @fin_tech_news_

    8 Mar 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. #VMware #Vulnerability #CyberSecurity https://t.co/fMd47rpvYn

    @YourAnonRiots

    7 Mar 2025

    247 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/yHNLeIwmrS https://t.co/ZzTq5oioIf

    @secured_cyber

    7 Mar 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    7 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. https://t.co/SkHX1G2ckU

    @AbubakarMundir

    7 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  31. 🚨CVE-2025-22224 (CVSS 9.3 CRITICAL) Is your organization internet facing servers one of the 37,000 VMware ESXi servers vulnerable to ongoing attacks ? https://t.co/KF4HBSKnyi KQL to check internet facing VMware servers & prioritize your patching today! https://t.co/ukjc2Tz

    @0x534c

    7 Mar 2025

    1477 Impressions

    2 Retweets

    22 Likes

    15 Bookmarks

    0 Replies

    0 Quotes

  32. Over 37,000 VMware ESXi servers vulnerable to ongoing attacks https://t.co/60tLwPElOc #VMwareEsxi CVE-2025-22224

    @PratikSingh_

    7 Mar 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. VMware Zero-Day Vulnerabilities Detailed #VMware #CVE-2025-22224 #CVE-2025-22225 #CVE-2025-22226 https://t.co/1pZqaRAqeq

    @pravin_karthik

    7 Mar 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Actively exploited CVE : CVE-2025-22224

    @transilienceai

    7 Mar 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

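  35. 37,000 VMware ESXi instances on the internet are affected by CVE-2025-22224. This vulnerability allows a local attacker with administrator privileges on a virtual machine to execute code on the host. It has been announced that it is already being used in zero-day attacks. https://t.co/jFdfWFcKIg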

    @yousukezan

    6 Mar 2025

    2017 Impressions

    2 Retweets

    17 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  36. 🔴 More than 37,000 internet-exposed VMware ESXi servers are vulnerable to a critical out-of-bounds write flaw (CVE-2025-22224). This massive exposure is being reported by the threat monitoring platform The Shadowserver Foundation. 🧉 https://t.co/g

    @MarquisioX

    6 Mar 2025

    103 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  37. More than 37,000 internet-exposed VMware ESXi instances are vulnerable to the critical out-of-bounds write CVE-2025-22224, the ShadowServer Foundation reports. The vulnerability is already being exploited. https://t.co/m5M1AvGtD6

    @__kokumoto

    6 Mar 2025

    1807 Impressions

    8 Retweets

    20 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  38. 41,000+ VMware ESXi Servers at RISK Hackers can exploit three zero-days (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) for VM escapes & hypervisor takeover—potential ransomware attacks incoming! Patch NOW! https://t.co/y9omKLLPv2 #VMware #CyberSecurity #Ransomware #Inf

    @dCypherIO

    6 Mar 2025

    118 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Broadcom issued a security advisory for 3 zero-day vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) in #ESXi, Workstation, and Fusion, already being exploited in the wild. #VirtualPatching is a technique you can leverage to defend against zero-day attacks like…

    @vali_cyber

    6 Mar 2025

    109 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Over 37,000 VMware ESXi servers are vulnerable to attacks due to CVE-2025-22224. While 4,500 have been patched, many remain at risk. CISA sets a deadline of March 25, 2025. 🚨🖥️ #VMware #CISA #USA link: https://t.co/9HM6U3Kf9d https://t.co/uAgk57n2eg

    @TweetThreatNews

    6 Mar 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Over 37,000 VMware ESXi servers are at risk due to a critical vulnerability, CVE-2025-22224, currently being exploited. Protect your systems by understanding the implications and potential mitigation strategies. Read more about this urgent issue at https://t.co/cRoTNJENxi.

    @trubetech

    6 Mar 2025

    47 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. CVE-2025-22224, CVSS score 9.3! Companies using VMware ESXi for virtual desktops are in for emergency maintenance this weekend. Namu Amida Butsu. https://t.co/RHDj5kymSj

    @umesun

    6 Mar 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks Tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days. https://t.co/x0hF098UVM https://t.co/JtN4lEZe5n

    @persistsec

    6 Mar 2025

    127 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  44. 🚨 3 active vulnerabilities have been discovered in VMware that compromise the security of virtualization environments (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226). Broadcom has released critical patches to mitigate prior exploitation, including remote code execution and… h

    @pipobarraca

    6 Mar 2025

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. 🔒 Critical vulnerabilities in VMware ESXi under attack! CVE-2025-22224, CVE-2025-22225, & CVE-2025-22226 expose local admin privileges. Immediate updates needed! #VMware #TechNews #USA link: https://t.co/Et5H8bHvWT https://t.co/cMwPjSE4cS

    @TweetThreatNews

    6 Mar 2025

    139 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  46. We are scanning & reporting out VMware ESXi CVE-2025-22224 vulnerable instances ("a malicious actor with local admin privileges on a virtual machine may exploit this to execute code as virtual machine's VMX process running on host"). Nearly 41.5K found vulnerable on 2025-03-

    @Shadowserver

    5 Mar 2025

    13442 Impressions

    34 Retweets

    150 Likes

    63 Bookmarks

    2 Replies

    5 Quotes

  47. 3 dangerous vulnerabilities have been published for VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion and Cloud Foundation, with the identifiers CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226, which give hackers root or admin access to the guest OS. https://t.co/Poz3aKYxT1 ht

    @AmirHossein_sec

    5 Mar 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. 🚨 Urgent VMware Security Alert! Broadcom warns of active zero-day exploits (CVE-2025-22224, 22225, 22226) in ESXi, Workstation & Fusion. Hackers can escape VMs & breach networks. Patch now to stay secure! https://t.co/Xh9Vw7gAci

    @Solvexdigital

    5 Mar 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. 🔴 VMware ESXi, TOCTOU Vulnerability, #CVE-2025-22224 (Critical) https://t.co/2gRFiA0dgs

    @dailycve

    5 Mar 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. 🚨 Critical vulnerabilities in VMware under active exploitation 🔍 Ongoing attacks exploit flaws in VMware, allowing code execution and data leakage (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226). https://t.co/Sf1rZNb552

    @tpx_Security

    5 Mar 2025

    188 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations