CVE-2025-22225

Published Mar 4, 2025

Last updated a month ago

Exploit knownCVSS high 8.2
VMware

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-22225 is an arbitrary file write vulnerability that affects VMware ESXi. An attacker with privileges inside the VMX process can exploit this vulnerability to trigger arbitrary kernel writes, which can lead to a sandbox escape. The vulnerability has a CVSS base score of 8.2. This vulnerability is one of three zero-day flaws (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) that are being actively exploited. VMware has released patches for these vulnerabilities and urges customers to update their systems immediately. There are no known workarounds available.

Description
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
Source
security@vmware.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.2
Impact score
6
Exploitability score
1.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
VMware ESXi Arbitrary Write Vulnerability
Exploit added on
Mar 4, 2025
Exploit action due
Mar 25, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-787
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-123

Social media

Hype score
Not currently trending

  1. >CVE-2025-22224、CVE-2025-22225、CVE-2025-22226 複数の脆弱性情報を活用し、侵害できる能力があるというか、当然攻撃を試すラボも拠点に持っているんでしょうね

    @ETomatot24044

    31 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Critical VMware vulnerabilities patched (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) - one actively exploited. ESXi, Workstation, Fusion at risk. Requires local admin access but can lead to code execution & sandbox escape. Patch now! https://t.co/2Z3nv9MVl9

    @RedTeamNewsBlog

    24 Mar 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Recent #VMware vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) pose a critical threat, allowing attackers to escape compromised VMs and seize control of the hypervisor. The active exploitation of these flaws has made this risk more severe than ever, with… https:/

    @sygnia_labs

    19 Mar 2025

    93 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 3 ثغرات خطيرة في VMware: مخاطر حقيقية وتحديثات عاجلة أصدرت Broadcom في 4 مارس تحديثات طارئة لمعالجة 3 ثغرات خطيرة (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) تؤثر على ESXi وWorkstation وFusion. إحدى هذه الثغرات (CVE-2025-22224) تم استغلالها فعليًا وتسمح للمهاجمين بالخروج…

    @KasperskyKSA

    18 Mar 2025

    200 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Three VMware Vulnerabilities: Key Risks and Urgent Patches On March 4, Broadcom released emergency updates for three critical VMware vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) affecting ESXi, Workstation, and Fusion. At least one (CVE-2025-22224) has been…

    @KasperskyKSA

    17 Mar 2025

    172 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. VMware three vulnerabilities CVE-2025-22224, CVE-2025-22225, CVE-2025-22226. hackers are back in business.

    @XiaoChuStudio

    15 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/vW1vyg6OAh https://t.co/giNB4ixH3n

    @NickBla41002745

    14 Mar 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Tech alert: Critical VMware vulnerabilities are putting systems at risk! Discover how CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 could impact ESXi, Workstation, and more. Protect your data now! Read the advisory for more. https://t.co/5cS5XkWqLH #CyberSecurity https://t

    @sequretek_sqtk

    14 Mar 2025

    31 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. VMware Patches 3 Zero-Day Vulnerabilities After Active Exploitation ⚠️ https://t.co/9vjyWHCndI Broadcom has addressed three zero-day vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) in #VMware ESXi, Workstation, and Fusion, following reports of active… https://

    @Huntio

    13 Mar 2025

    84 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. On March 4th, Broadcom released patches for vulnerabilities affecting VMware products: CVE-2025-22224, CVE-2025-22225, CVE-2025-22226. Check out the details here: https://t.co/19v4hvhMGt

    @redhataugust

    12 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 📣Critical Security Alert: VMware has issued a critical security alert for vulnerabilities in ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Infrastructure. These threats (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) are being exploited. Protect your systems now…

    @Helient

    11 Mar 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/KuDnAIxELh https://t.co/p0B8PSF0f0

    @NickBla41002745

    11 Mar 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/4Y9SjCmopV https://t.co/gUIjoFz9hV

    @NickBla41002745

    10 Mar 2025

    64 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/7l0O8zkKm0 https://t.co/1oo0hqYi9x

    @dansantanna

    9 Mar 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/yHNLeIwmrS https://t.co/ZzTq5oioIf

    @secured_cyber

    7 Mar 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. VMware Zero-Day Vulnerabilities Detailed #VMware #CVE-2025-22224 #CVE-2025-22225 #CVE-2025-22226 https://t.co/1pZqaRAqeq

    @pravin_karthik

    7 Mar 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Actively exploited CVE : CVE-2025-22225

    @transilienceai

    7 Mar 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. 41,000+ VMware ESXi Servers at RISK Hackers can exploit three zero-days (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) for VM escapes & hypervisor takeover—potential ransomware attacks incoming! Patch NOW! https://t.co/y9omKLLPv2 #VMware #CyberSecurity #Ransomware #Inf

    @dCypherIO

    6 Mar 2025

    118 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Broadcom issued a security advisory for 3 zero-day vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) in #ESXi, Workstation, and Fusion, already being exploited in the wild. #VirtualPatching is a technique you can leverage to defend against zero-day attacks like…

    @vali_cyber

    6 Mar 2025

    109 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🚨 Se han descubierto 3 vulnerabilidades activas en VMware que comprometen la seguridad de entornos de virtualización (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226). Broadcom ha lanzado parches críticos para mitigar explotación previa, incluyendo ejecución remota de código y… h

    @pipobarraca

    6 Mar 2025

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🔒 Critical vulnerabilities in VMware ESXi under attack! CVE-2025-22224, CVE-2025-22225, & CVE-2025-22226 expose local admin privileges. Immediate updates needed! #VMware #TechNews #USA link: https://t.co/Et5H8bHvWT https://t.co/cMwPjSE4cS

    @TweetThreatNews

    6 Mar 2025

    139 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  22. ۳ آسیب پذیری خطرناک برای محصولات VMware ESX شامل : VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation با کدهای شناسایی CVE-2025-22224 و CVE-2025-22225 و CVE-2025-22226 منتشر شده است که به هکرها اجازه دسترسی root یا admin به guest OS را می دهد. https://t.co/Poz3aKYxT1 ht

    @AmirHossein_sec

    5 Mar 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🚨 Vulnerabilidades críticas en VMware bajo explotación activa 🔍 Ataques en curso explotan fallos en VMware, permitiendo ejecución de código y filtración de datos (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226). https://t.co/Sf1rZNb552

    @tpx_Security

    5 Mar 2025

    188 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  24. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/sEvYGJod3H https://t.co/iQTnmMZUyq

    @TechMash365

    5 Mar 2025

    140 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/ffEWD2eooY https://t.co/OE5hclkrIs

    @ggrubamn

    5 Mar 2025

    112 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/Y1sP2WHpXI https://t.co/cTPPR83cnP

    @Art_Capella

    5 Mar 2025

    140 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. ‼️Atklātas vairākas zero-day ievainojamības (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) VMware programmatūrā. Kritiskākā sniedz uzbrucējam iespēju veikt koda izpildi. Aicinām nekavējoties uzstādīt atjauninājumus! https://t.co/pBdMjvJ81s https://t.co/glJKxmHI3N

    @certlv

    5 Mar 2025

    1027 Impressions

    3 Retweets

    8 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  28. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited https://t.co/E5udXMKfTp https://t.co/3zbnf98Ng0

    @Trej0Jass

    5 Mar 2025

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. VMware Fixes 3 Actively Exploited Zero-Days – Patch Now! Broadcom has patched critical VMware ESXi & vSphere flaws that attackers actively exploit to break out of VM sandboxes: 🔴 CVE-2025-22224 (CVSS 9.3) – VMCI heap overflow 🟠 CVE-2025-22225 (CVSS 8.2) – Arbitrary kernel

    @dCypherIO

    5 Mar 2025

    147 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨 CISA Warns of Actively Exploited VMware Vulnerabilities Read more: https://t.co/qozn6vPjdJ 👉 Critical TOCTOU Flaw Enables Hypervisor Takeover (CVE-2025-22224) 👉 Sandbox Escape via Arbitrary Write (CVE-2025-22225) 👉 Hypervisor Memory Leakage (CVE-2025-22226)… https://t.co

    @The_Cyber_News

    5 Mar 2025

    107 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. VMware Security Alert: Active Exploitation of Zero-Day Vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) https://t.co/Q70UIg2RFm VMware Security Alert: Active Exploitation of Zero-Day Vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) Virt…

    @f1tym1

    5 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨🚨New VMware ESXi vuln chain (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) spotted in the wild! ⚡️Out-of-bounds read/write flaws can be chained for VM-to-host escape—major risk! ZoomEye Dork👉app="VMware ESXi Server httpd" over 257k+ exposed instances! Check now:… https://t

    @zoomeye_team

    5 Mar 2025

    612 Impressions

    4 Retweets

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  33. CVE-2025-22225 Detail VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox

    @sehanshah1

    5 Mar 2025

    86 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  34. VMware は、CVE-2025-22224(VMCIヒープオーバーフロー)、CVE-2025-22225(任意の書き込み脆弱性)、CVE-2025-22226(HGFS情報漏洩脆弱性) の脆弱性が見つかりました。悪用が実際に発生している可能性があります。 既に修正パッチがリリースされています。 https://t.co/Gnz8a8Usc3 https://t.co/8o1JnlHkIv

    @t_nihonmatsu

    5 Mar 2025

    286 Impressions

    0 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  35. CVE-2025-22225 VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an es… https://t.co/0aR16kSHBk

    @CVEnew

    5 Mar 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. 📖 VMSA-2025-0004: VMware ESXi, Workstation, and Fusion updates for March 2025 VMCI heap-overflow vulnerability (CVE-2025-22224)  VMware ESXi arbitrary write vulnerability (CVE-2025-22225)  HGFS information-disclosure vulnerability (CVE-2025-22226) 🚨⚠️Telemetry suggests that…

    @gothburz

    4 Mar 2025

    245 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 📖 VMSA-2025-0004: VMware ESXi, Workstation, and Fusion updates for March 2025 VMCI heap-overflow vulnerability (CVE-2025-22224)  VMware ESXi arbitrary write vulnerability (CVE-2025-22225)  HGFS information-disclosure vulnerability (CVE-2025-22226) 🚨⚠️Telemetry suggests that…

    @gothburz

    4 Mar 2025

    507 Impressions

    5 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. VMware issued a critical advisory (VMSA-2025-0004) regarding active exploitation of three vulnerabilities in ESXi, Workstation, and Fusion products: CVE-2025-22224 (CVSS 9.3), CVE-2025-22225 (CVSS 8.2), and CVE-2025-22226 (CVSS 7.1). https://t.co/wvKHAVDBX0

    @securityRSS

    4 Mar 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Broadcom corregge tre vulnerabilità critiche in VMware, già sfruttate dagli hacker Sicurezza Informatica, Broadcom, CVE-2025-22224, CVE-2025-22225, CVE-2025-22226, patch, sicurezza cloud, vmware, VMware ESXi, vulnerabilità, zero-day https://t.co/SJbuCxLi7L https://t.co/FrqiAYjmlh

    @matricedigitale

    4 Mar 2025

    97 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Broadcom aplica parches a 3 vulnerabilidades de día cero de VMware después de que Microsoft le advirtiera que estaban siendo explotadas CVE-2025-22224 CVE-2025-22225 CVE-2025-22226 https://t.co/amHEf7grRj… https://t.co/GReCk8Ei9t

    @doncaptador

    4 Mar 2025

    91 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. ⚠️ Vulnerability Alert: VMware Zero-Days 📅 Timeline: Disclosure: 2025-01-01, Patch: 2025-01-30 📌 Attribution: Reported by Microsoft with coordinated disclosure efforts involving Broadcom and VMware 🆔 cveId: • CVE-2025-22224 • CVE-2025-22225 • CVE-2025-22226 📊 baseScore:… ht

    @syedaquib77

    4 Mar 2025

    108 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Broadcom ha parcheado tres vulnerabilidades críticas de #VMware. CVE-2025-22224: Desbordamiento de pila de VMCI afectaba a VMware ESXi y Workstation. CVE-2025-22225: Escritura arbitraria de archivos de alta gravedad afectaba a VMware ESXi. CVE-2025-22226: Divulgación de… https:/

    @SoyITPro

    4 Mar 2025

    2872 Impressions

    16 Retweets

    54 Likes

    10 Bookmarks

    1 Reply

    1 Quote

  43. Broadcom aplica parches a 3 vulnerabilidades de día cero de VMware después de que Microsoft le advirtiera que estaban siendo explotadas CVE-2025-22224 CVE-2025-22225 CVE-2025-22226 https://t.co/2yQlOG4ZLZ https://t.co/I4RMYodcXQ

    @elhackernet

    4 Mar 2025

    3817 Impressions

    10 Retweets

    40 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  44. 🚨🚨🚨 ESXiなどでSeverity: Criticalの脆弱性。 ゼロデイで悪用済みとのこと。 VMSA-2025-0004: VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) https://t.co/H5XdHlAf0J

    @autumn_good_35

    4 Mar 2025

    7299 Impressions

    23 Retweets

    52 Likes

    8 Bookmarks

    0 Replies

    2 Quotes

  45. CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Critical VMware Vulnerabilities Exploited These flaws—CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226—pose serious security risks, with some already being exploited in the wild https://t.co/1GoZRFZINM

    @the_yellow_fall

    4 Mar 2025

    3927 Impressions

    24 Retweets

    85 Likes

    26 Bookmarks

    0 Replies

    0 Quotes

Configurations

References