Broadcom has addressed critical vulnerabilities in several VMware products, including ESXi and vSphere, that were discovered and reported by Microsoft. Tracked as CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226, the flaws allow an attacker who already holds administrative privileges inside a virtual machine to escape it and gain control of the hypervisor. The most severe, CVE-2025-22224, has a CVSS score of 9.3 and can enable code execution on the host. Organizations must apply the patches promptly and enforce strict access controls so that only trusted users hold administrative privileges inside guests, limiting exposure to both external intruders and rogue insiders.
Broadcom has released critical patches for VMware vulnerabilities, including CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, that can be exploited to gain control over hypervisors.
If an attacker has already compromised a virtual machine's guest OS and gained privileged access, they can potentially escape the VM and access the hypervisor.
CVE-2025-22224, the most critical of the three, is a heap-overflow vulnerability that can be exploited to run code as the VMX (virtual machine executable) process on the host.
Organizations must enforce strict access controls so that administrative privileges inside guest VMs are held only by trusted users, since that level of guest access is the precondition for exploiting these flaws.
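The first practical step is knowing which hosts still run a pre-fix build. The following script is an added example, not code from the article or from Broadcom: it parses the output of `esxcli system version get` (the sample outputs below are constructed, not captured from real hosts) and compares each host's build number against a per-release-line minimum. The build numbers in `MIN_FIXED_BUILD` are assumed placeholders for the example; take the real fixed builds from Broadcom's advisory for these CVEs before using the check. A release line the table does not cover is reported as "unknown" rather than assumed safe.

```python
import re

# Minimum fixed build per ESXi release line (major.minor).
# ASSUMPTION: placeholder values for this example only. Replace them with the
# build numbers Broadcom lists as fixed for CVE-2025-22224/22225/22226.
MIN_FIXED_BUILD = {
    "8.0": 24585383,
    "7.0": 24585291,
}

# `esxcli system version get` prints lines such as:
#    Version: 8.0.3
#    Build: Releasebuild-24022510
_VERSION_RE = re.compile(r"^\s*Version:\s*(\d+(?:\.\d+)*)\s*$", re.M)
_BUILD_RE = re.compile(r"^\s*Build:\s*(?:Releasebuild-)?(\d+)\s*$", re.M)


def parse_esxcli_version(output):
    """Return (version_string, build_number) from esxcli output, or raise."""
    v = _VERSION_RE.search(output)
    b = _BUILD_RE.search(output)
    if not v or not b:
        raise ValueError("no Version/Build lines found in esxcli output")
    return v.group(1), int(b.group(1))


def release_line(version):
    """Map '8.0.3' to '8.0': advisories list fixed builds per major.minor line."""
    return ".".join(version.split(".")[:2])


def assess_host(name, output, table=MIN_FIXED_BUILD):
    """Classify one host as patched, needs-patch, or unknown (uncovered line)."""
    version, build = parse_esxcli_version(output)
    line = release_line(version)
    if line not in table:
        status = "unknown"        # never assume an uncovered release is safe
    elif build >= table[line]:
        status = "patched"
    else:
        status = "needs-patch"
    return {"host": name, "version": version, "build": build, "status": status}


# Constructed sample outputs (not from real hosts) to exercise the three cases.
SAMPLE_OUTPUT = {
    "esx01": "   Product: VMware ESXi\n   Version: 8.0.3\n"
             "   Build: Releasebuild-24022510\n   Update: 3\n   Patch: 0\n",
    "esx02": "   Product: VMware ESXi\n   Version: 8.0.3\n"
             "   Build: Releasebuild-24585383\n   Update: 3\n   Patch: 0\n",
    "esx03": "   Product: VMware ESXi\n   Version: 6.7.0\n"
             "   Build: Releasebuild-17700523\n   Update: 3\n   Patch: 0\n",
}


def report(samples=SAMPLE_OUTPUT, table=MIN_FIXED_BUILD):
    """Assess every host in the sample set and return the results as a list."""
    return [assess_host(h, out, table) for h, out in samples.items()]


if __name__ == "__main__":
    for r in report():
        print(f"{r['host']}: ESXi {r['version']} build {r['build']} -> {r['status']}")
```

In practice the `esxcli` output would be collected over SSH or from vCenter rather than embedded, but the comparison logic is the same: compare integer build numbers within a release line, and treat anything the table does not cover as needing manual review.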