🚨🚨🚨CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi

Broadcom has issued an advisory regarding three vulnerabilities in various VMware products that have been actively exploited as zero-day attacks. Organizations are strongly encouraged to implement the available patches promptly.

CVE-2025-22224 : is a TOCTOU (Time-of-Check Time-of-Use) vulnerability in VMWare ESXi and Workstation. A local, authenticated attacker with admin privileges could exploit this vulnerability to gain code execution on the virtual-machine executable (VMX) process. (Vulnerability Score=9.3)

CVE-2025-22225 : is an arbitrary write vulnerability in VMware ESXi. A local, authenticated attacker with requisite privileges could exploit this vulnerability through the VMX process to escape the sandbox. (Vulnerability Score=8.2)

CVE-2025-22226 : is an information-disclosure vulnerability in VMware ESXi, Workstation and Fusion. An authenticated, local attacker with admin privileges could exploit this vulnerability to cause the VMX process to leak contents from memory. (Vulnerability Score=7.1)

References:
VMware ESXi 8.0 ESXi80U3d-24585383
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5773
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3d-release-notes.html

VMware ESXi 8.0 ESXi80U2d-24585300
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5772
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2d-release-notes.html

VMware ESXi 7.0 ESXi70U3s-24585291
Downloads and Documentation:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5771
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3s-release-notes.html

VMware Workstation 17.6.3
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Workstation%20Pro&displayGroup=VMware%20Workstation%20Pro%2017.0%20for%20Windows&release=17.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Workstation%20Pro&displayGroup=VMware%20Workstation%20Pro%2017.0%20for%20Linux&release=17.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true
https://techdocs.broadcom.com/us/en/vmware-cis/desktop-hypervisors/workstation-pro/17-0/release-notes/vmware-workstation-1763-pro-release-notes.html

VMware Fusion 13.6.3
Downloads and Documentation:
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Fusion&displayGroup=VMware%20Fusion%2013&release=13.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true
https://techdocs.broadcom.com/us/en/vmware-cis/desktop-hypervisors/fusion-pro/13-0/release-notes/vmware-fusion-1363-release-notes.html

VMware Cloud Foundation 5.x, 4.5.x
Downloads and Documentation:
https://knowledge.broadcom.com/external/article?legacyId=88287

Telco Cloud Platform 5.x, 4.x, 3.x
Downloads and Documentation:
https://techdocs.broadcom.com/us/en/vmware-sde/telco-cloud/vmware-telco-cloud-platform/5-0/Chunk77140612.html
https://techdocs.broadcom.com/us/en/vmware-sde/telco-cloud/vmware-telco-cloud-platform/4-0/vmware-telco-cloud-platform-401-release-notes.html
https://techdocs.broadcom.com/us/en/vmware-sde/telco-cloud/vmware-telco-cloud-platform/3-1/Chunk1587463997.html#Chunk1587463997

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22226

FIRST CVSSv3 Calculator:
CVE-2025-22224: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2025-22225: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2025-22226: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N