HomeCyber BalkansCISA Alert: VMware Vulnerabilities under Active Exploitation

CISA Alert: VMware Vulnerabilities under Active Exploitation

Published on

spot_img

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a crucial warning on March 4, 2025, alerting federal agencies and private organizations about four severe vulnerabilities added to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities are being actively exploited by threat actors, emphasizing the urgent need for mitigation efforts.

One of the vulnerabilities highlighted is CVE-2025-22225, a critical flaw in VMware’s ESXi hypervisor that allows attackers with administrative privileges to write arbitrary data to host systems. This flaw, with a CVSS score of 9.1, can result in hypervisor escapes, enabling attackers to compromise the underlying hardware or other virtual machines. While VMware has released patches in ESXi 8.0 P2, reports suggest that at least three advanced persistent threat (APT) groups have already integrated this exploit into their attack strategies.

Another vulnerability, CVE-2025-22224, involves a time-of-check-to-time-of-use (TOCTOU) race condition in VMware ESXi and Workstation, which could be exploited by attackers to manipulate virtual machine operations during execution. This vulnerability has been actively exploited in ransomware attacks targeting healthcare and energy sectors, as confirmed by CISA. Mitigation for this flaw requires updating to Workstation 17.5.1 or ESXi 8.0 P1.

Additionally, CVE-2025-22226 is a medium-severity vulnerability in VMware’s virtualization suite that allows unauthorized actors to access sensitive host system data, including credentials and configuration files. Although less severe compared to other CVEs, attackers are using this flaw to gather intelligence for multi-stage attacks. VMware has released patches for ESXi (8.0 P2), Workstation (17.5.1), and Fusion (13.5.1).

Under Binding Operational Directive (BOD) 22-01, federal agencies are mandated to remediate these vulnerabilities by March 18, 2025. Private enterprises, while not legally bound, face increased risks due to the widespread use of VMware products in global enterprise virtual infrastructure. CISA’s executive assistant director, Matt Hartman, stressed the importance of patching these vulnerabilities, stating that it is a critical step in mitigating destructive attacks in the current threat landscape.

As virtualization technologies become more prevalent, organizations are urged to adopt automated patch management systems and segment virtual networks to contain breaches. With VMware vulnerabilities accounting for a significant portion of all KEV entries in 2025, cybersecurity teams are facing heightened challenges in protecting their systems from exploitation.

In conclusion, the escalation of these vulnerabilities underscores the pressing need for proactive cybersecurity measures to defend against evolving threats. Organizations must prioritize patching and strengthening their security posture to mitigate the risk of potential cyberattacks.

Source link

Latest articles

Millions of Shark Robot Vacuums Exposed to Unpatched Remote Code Execution Vulnerability

Millions of Shark Robot Vacuums Vulnerable to Critical Exploit Millions of internet-connected Shark robot vacuums...

Trump Revives Debunked Claims of Election Hacking

Courts, Audits, and Federal Agencies Found No Evidence That 2020 Votes Were Altered In a...

The Executive Profile Your Security Team Fails to Protect

The Importance of Regular Monitoring and Reducing AI-Indexed Information for Executives In today's rapidly evolving...

Reasons for CISOs to Automate SBOM Management Using AI

The Growing Importance of SBOMs in Cybersecurity: A Future Driven by AI In the rapidly...

More like this

Millions of Shark Robot Vacuums Exposed to Unpatched Remote Code Execution Vulnerability

Millions of Shark Robot Vacuums Vulnerable to Critical Exploit Millions of internet-connected Shark robot vacuums...

Trump Revives Debunked Claims of Election Hacking

Courts, Audits, and Federal Agencies Found No Evidence That 2020 Votes Were Altered In a...

The Executive Profile Your Security Team Fails to Protect

The Importance of Regular Monitoring and Reducing AI-Indexed Information for Executives In today's rapidly evolving...