The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with four new vulnerabilities that are being actively exploited by malicious cyber actors. These vulnerabilities pose a significant threat to federal agencies and other organizations and affect widely deployed systems, namely the Linux kernel and VMware products. CISA stresses that timely response and patching are needed to prevent damage and breaches.
The latest additions to the Known Exploited Vulnerabilities Catalog, as confirmed by CISA, include:
1. CVE-2024-50302: Linux Kernel Use of Uninitialized Resource Vulnerability
This vulnerability in the Linux kernel, identified on November 19, 2024, stems from the improper initialization of a report buffer, which can be exploited to leak kernel memory. The fix is to zero-initialize the buffer at allocation so that stale kernel data cannot be exposed on affected Linux versions.
2. CVE-2025-22225: VMware ESXi Arbitrary Write Vulnerability
Released on March 4, 2025, this critical vulnerability in VMware ESXi allows attackers with the right privileges in the VMX process to trigger an arbitrary kernel write, potentially leading to unauthorized access to the host system. With a CVSS score of 8.2 (High), immediate attention is required to mitigate this severe threat.
3. CVE-2025-22224: VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
Also disclosed on March 4, 2025, this vulnerability is a Time-of-Check to Time-of-Use (TOCTOU) race condition that enables attackers with local administrative privileges on a virtual machine to execute arbitrary code. Rated 9.3 (Critical) on the CVSS scale, it poses a significant risk to the integrity of the virtual machine host.
4. CVE-2025-22226: VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability
The last vulnerability added to the catalog on March 4, 2025, is an information disclosure flaw in VMware ESXi, Workstation, and Fusion that allows malicious actors to leak memory from the VMX process through an out-of-bounds read in the HGFS module. Although less severe than the other two VMware issues, it still carries a CVSS score of 7.1 (High) for users running vulnerable versions.
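As an added example that is not part of the CISA entry or the kernel source, the following userland C model illustrates the defect class behind item 1, CVE-2024-50302: a report buffer that is allocated without zeroing and only partly filled before the whole buffer is copied out, beside the zero-initialize-at-allocation fix the entry recommends. The allocator, buffer length, report length and sentinel byte are all constructed for the demonstration.

```c
/* Userland model of an uninitialized report buffer leak (constructed
 * example, not kernel code). Stale bytes left by a previous allocation
 * are represented by SENTINEL; a real allocator would return whatever
 * the memory last held. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 16          /* constructed buffer size */
#define SENTINEL 0xAA       /* stands in for leftover data in freed memory */

/* Simulated non-zeroing allocator: memory comes back full of old bytes. */
static void *alloc_stale(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, SENTINEL, n);
    return p;
}

/* Simulated zeroing allocator: the fix the KEV entry describes. */
static void *alloc_zeroed(size_t n) {
    return calloc(1, n);
}

/* The device supplies report_len bytes, but the caller receives the full
 * BUF_LEN buffer. Returns how many never-written bytes still hold stale
 * data, i.e. how much of the old memory contents would be exposed. */
static size_t leaked_bytes(void *(*alloc)(size_t), size_t report_len) {
    uint8_t out[BUF_LEN];
    uint8_t *buf = alloc(BUF_LEN);
    if (!buf || report_len > BUF_LEN) return (size_t)-1;
    memset(buf, 0x01, report_len);   /* only the real report is written */
    memcpy(out, buf, BUF_LEN);       /* full-length copy back to the caller */
    free(buf);
    size_t leaked = 0;
    for (size_t i = report_len; i < BUF_LEN; i++)
        if (out[i] == SENTINEL) leaked++;
    return leaked;
}

int main(void) {
    printf("non-zeroing allocation: %zu stale bytes exposed\n",
           leaked_bytes(alloc_stale, 4));
    printf("zero-initialized allocation: %zu stale bytes exposed\n",
           leaked_bytes(alloc_zeroed, 4));
    return 0;
}
```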
These vulnerabilities are actively exploited by cyber adversaries and demand immediate remediation to prevent data breaches, system compromise, and unauthorized access. The CISA catalog aids federal agencies in identifying and addressing vulnerabilities to enhance security measures and safeguard against potential cyber threats.
The affected products, including Linux and VMware systems, require prompt patching and updates to mitigate exploitation risks. Organizations must adhere to security best practices, monitor for updates, and implement protective measures to minimize vulnerabilities and reinforce cybersecurity defenses.
In conclusion, organizations should prioritize applying security patches, follow guidance from CISA and the affected vendors, monitor the KEV Catalog for new entries, and maintain security controls that reduce the risk posed by exploited vulnerabilities. These measures are essential to preserve system integrity and strengthen resilience against evolving threats.