Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

VMware Warns of Three Exploited Zero Days

March 5, 2025
Reading Time: 3 mins read
in Alerts
Malicious Go Packages Target Linux and macOS

Broadcom issued a security alert on Tuesday morning concerning three critical zero-day vulnerabilities that affect VMware products, including ESXi, Workstation, and Fusion. The vulnerabilities, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have been actively exploited in the wild, prompting Broadcom to release patches for each affected product. However, no workarounds are available, leaving users to rely on the patches to mitigate the risks associated with these vulnerabilities.

The flaws have the potential to allow attackers to execute arbitrary code, escape virtual machine (VM) sandboxes, and leak sensitive information, which poses a severe threat to system security and the integrity of virtualized environments.

CVE-2025-22224 is identified as a critical vulnerability in the VMCI (Virtual Machine Communication Interface) component of VMware ESXi and Workstation. It is classified as a heap overflow issue, and it allows attackers with local administrator privileges on a virtual machine to execute arbitrary code within the VMX process running on the host system.

This means that an attacker could potentially gain control of the hypervisor itself, which is a highly privileged environment that manages multiple virtual machines. The impact of such an exploit could be disastrous, as it would allow the attacker to take control of the host and any other VMs running on it, effectively compromising the entire virtualized infrastructure.

The second vulnerability, CVE-2025-22225, affects VMware ESXi and is a high-severity flaw that allows attackers to trigger an arbitrary kernel write.

This vulnerability arises within the VMX process and allows attackers who have privileges within a compromised VM to execute arbitrary code on the host system, leading to a VM escape. A VM escape occurs when an attacker is able to break out of the confines of a virtual machine and gain access to the underlying host system. This poses a significant risk, as attackers could then compromise the entire host, access sensitive data, and potentially move laterally within the network. Such an exploit would give attackers greater control and could enable a wide range of malicious activities, such as data exfiltration or the installation of additional malware.

CVE-2025-22226 is the third vulnerability and is related to an out-of-bounds read bug in the HGFS (Host-Guest File System) component of VMware ESXi, Workstation, and Fusion.

This issue allows attackers with administrative privileges in a virtual machine to leak memory from the VMX process. The information disclosure flaw could result in the exposure of sensitive information stored in the host system’s memory, including authentication tokens and other critical data. While there have been no reports of widespread exploitation, Broadcom and Microsoft Threat Intelligence Center, which helped identify the vulnerabilities, caution that the flaws may be exploited in targeted attacks.

These attacks likely involve a multi-stage process where attackers first compromise a VM before exploiting the vulnerabilities to gain access to the host system and potentially exfiltrate sensitive data.

At present, there is no public evidence indicating that these zero-day vulnerabilities have been widely exploited. However, Broadcom suggests that because these vulnerabilities require elevated privileges to exploit, they are likely being used in more targeted attacks, possibly following an initial compromise of the victim’s system. Broadcom’s analysis indicates that these flaws could lead to a VM escape, wherein an attacker gains privileged access to the hypervisor environment and can compromise both the host system and the virtual machines running on it.

Reference:
  • Broadcom Warns VMware Customers About Three Zero-Day Vulnerabilities
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityMarch 2025
ADVERTISEMENT

Related Posts

Hackers Revive SEO Poisoning

Hackers Revive SEO Poisoning

July 10, 2025
Hackers Revive SEO Poisoning

RondoDox Botnet Exploits Router Flaws

July 10, 2025
Hackers Revive SEO Poisoning

ServiceNow Data Exposure via ACLs

July 10, 2025
Hackers Use Leaked Shellter License Malware

Windows BitLocker Vulnerability Flaw

July 9, 2025
Hackers Use Leaked Shellter License Malware

Hackers Use Leaked Shellter License Malware

July 9, 2025
Hackers Use Leaked Shellter License Malware

Anatsa Android Trojan Targets 90K Users

July 9, 2025

Latest Alerts

RondoDox Botnet Exploits Router Flaws

ServiceNow Data Exposure via ACLs

Hackers Revive SEO Poisoning

Windows BitLocker Vulnerability Flaw

Anatsa Android Trojan Targets 90K Users

Hackers Use Leaked Shellter License Malware

Subscribe to our newsletter

    Latest Incidents

    Bitcoin Depot Breach Exposes Data

    McDonald’s AI Hiring Bot Exposes Data

    Nippon Steel Solutions Data Breach

    Norwegian Municipalities Hit by Data Breach

    Credit Reports Breached And Sold On Dark Web

    Recruiting Software Exposed 26M Resumes

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial