430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

VMware fixed three actively exploited zero-days in ESX products

Broadcom has addressed three VMware zero-day vulnerabilities in ESX products that are actively exploited in the wild. Broadcom released security updates to address three VMware zero-day vulnerabilities in ESX products that are actively exploited in the wild. The flaws, respectively tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, impact multiple VMware ESX products, including VMware ESXi, vSphere, […]

VMware Fusion Pwn2Own Berlin 2025

Broadcom has addressed three VMware zero-day vulnerabilities in ESX products that are actively exploited in the wild.

Broadcom released security updates to address three VMware zero-day vulnerabilities in ESX products that are actively exploited in the wild.

The flaws, respectively tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, impact multiple VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform.

Researchers from Microsoft Threat Intelligence Center discovered the three vulnerabilities.

An attacker with privileged administrator or root access can chain the vulnerabilities to escape the sandbox within the virtual machine.

Below are the descriptions for these vulnerabilities:

  • CVE-2025-22224 (CVSS score of 9.3) VMCI heap-overflow vulnerability: the vulnerability is TOCTOU (Time-of-Check Time-of-Use) issue in VMware ESXi, and Workstation that can lead to an out-of-bounds write. “A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.” reads the advisory
  • CVE-2025-22225 (CVSS score of 8.2) VMware ESXi arbitrary write vulnerability: the vulnerability is an arbitrary write issue in VMware ESXi. An attackers with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
  • CVE-2025-22226 (CVSS score of 7.1) HGFS information-disclosure vulnerability: the vulnerability is an information disclosure vulnerability that impacts VMware ESXi, Workstation, and Fusion. The vulnerability is due to an out-of-bounds read in HGFS. An attacker with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process. 

The virtualization giant confirmed that it has information to suggest that exploitation of the three flaws has occurred in the wild.

“On March 4, 2025 Broadcom released a critical VMware Security Advisory (VMSA), VMSA-2025-0004, addressing security vulnerabilities found and resolved in VMware ESX regarding a mechanism where threat actors could access the hypervisor through a running virtual machine” states the company. “Are the vulnerabilities being exploited “in the wild?” Broadcom has information to suggest that exploitation of these issues has occurred “in the wild.” “Is this a “VM Escape?” “Yes. This is a situation where an attacker who has already compromised a virtual machine’s guest OS and gained privileged access (administrator or root) could move into the hypervisor itself.”

The company has not disclosed specific details about the attacks or the threat actors behind them.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ESX)