HomeMalware & ThreatsBroadcom Issues Warning to VMware Users About Critical Zero-Day Exploits

Broadcom Issues Warning to VMware Users About Critical Zero-Day Exploits

Published on

spot_img

Broadcom issued a security alert warning VMware customers about three zero-day vulnerabilities that attackers are actively exploiting in the wild. The vulnerabilities, known as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, impact various VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform.

According to Broadcom’s advisory, CVE-2025-22224 is the most severe of the three vulnerabilities with a CVSS score of 9.3. This critical VMCI heap overflow vulnerability affects VMware ESXI and Workstation. Attackers with local administrative privileges on a virtual machine (VM) can exploit this vulnerability to execute code as the virtual machine’s VMX process running the host.

CVE-2025-22225 is a high-severity arbitrary file write vulnerability with a CVSS score of 8.2 that impacts VMware ESXi. If exploited, attackers with privileges inside the VMX process can trigger an arbitrary kernel write, potentially leading to an escape from the VM’s sandbox.

The third vulnerability, CVE-2025-22226, is also high-severity with a CVSS base score of 7.1. It impacts VMware ESXi, Workstation, and Fusion and is caused by an out-of-bounds read bug in the HGFS component. Attackers with administrative privileges to the VM can exploit this vulnerability to leak memory from the VMX process.

Broadcom confirmed that attackers have already exploited all three vulnerabilities and urged organizations to take immediate action to address the security risks.

Security experts expressed concerns over the severity of these exploits and their potential impact. Patrick Tiquet, Vice President of Security & Architecture at Keeper Security, warned that these vulnerabilities allow attackers to break out of a compromised VM and take control of the underlying host system. He emphasized the importance of organizations taking immediate action to mitigate these risks.

Jason Soroko, Senior Fellow at Sectigo, highlighted the risk posed by chaining these vulnerabilities together for a more robust attack path. He noted that attackers could exploit these vulnerabilities independently or in combination to increase the likelihood of a successful breach.

Chris Gray, Field CTO at Deepwatch, warned about the dangers of incomplete patching leaving systems vulnerable, especially considering VMware’s dominant position in the virtualization market. He explained how attackers could chain these zero-day exploits together to escalate privileges and potentially gain administrative control of the hypervisor.

In conclusion, the exploitation of these vulnerabilities underscores the importance of prompt action by organizations to secure their VMware environments. The varied profiles of the vulnerabilities provide attackers with multiple options for compromising systems, making it essential for organizations to stay vigilant and apply necessary patches and security measures to protect their virtualization infrastructure.

Source link

Latest articles

Check Point CTO Jonathan Zanger Envisions AI Enhancing Cybersecurity Value

Check Point Software CTO Discusses AI's Impact on Cybersecurity at Engage 2026 In a recent...

Cyber Briefing – July 10, 2026 – CyberMaterial

Cybersecurity Updates: Key Threats and Responses In recent developments within the cybersecurity landscape, multiple high-profile...

Sysdig Reveals the First Documented Agentic Ransomware Operation

Security researchers at Sysdig have unveiled what they propose as the inaugural case of...

FastNetMon Introduces Netomics, a Self-Hosted Routing Intelligence Platform

London, United Kingdom, July 10th, 2026, CyberNewswire In a significant development within the realm of...

More like this

Check Point CTO Jonathan Zanger Envisions AI Enhancing Cybersecurity Value

Check Point Software CTO Discusses AI's Impact on Cybersecurity at Engage 2026 In a recent...

Cyber Briefing – July 10, 2026 – CyberMaterial

Cybersecurity Updates: Key Threats and Responses In recent developments within the cybersecurity landscape, multiple high-profile...

Sysdig Reveals the First Documented Agentic Ransomware Operation

Security researchers at Sysdig have unveiled what they propose as the inaugural case of...