VMSA-2025-0004 – VMware ESXi, Workstation, and Fusion multiple Vulnerability
VMware by Broadcom has released VMware ESXi, Workstation, and Fusion updates to address multiple vulnerabilities CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226.
Impacted Products:
- VMware ESXi
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion
- VMware Cloud Foundation
- VMware Telco Cloud Platform
CVE-2025-22224 | VMCI heap-overflow vulnerability
Description:
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.
Resolution:
To remediate CVE-2025-22224 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
CVE-2025-22225 | VMware ESXi arbitrary write vulnerability
Description:
VMware ESXi contains an arbitrary write vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.2. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
Resolution:
To remediate CVE-2025-22225 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
CVE-2025-22226 | HGFS information-disclosure vulnerability
Description:
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
Resolution:
To remediate CVE-2025-22226 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Response Matrix:
| VMware Product | Version | CVE | CVSSv3 | Severity | Fixed Version | Workarounds |
| VMware ESXi | 8.0 | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | 9.3, 8.2, 7.1 | Critical | ESXi80U3d-24585383 | None |
| VMware ESXi | 8.0 | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | 9.3, 8.2, 7.1 | Critical | ESXi80U2d-24585300 | None |
| VMware ESXi | 7.0 | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | 9.3, 8.2, 7.1 | Critical | ESXi70U3s-24585291 | None |
| VMware Workstation | 17.x | CVE-2025-22224, CVE-2025-22226 | 9.3, 7.1 | Critical | 17.6.3 | None |
| VMware Fusion | 13.x | CVE-2025-22226 | 7.1 | Important | 13.6.3 | None |
| VMware Cloud Foundation | 5.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | 9.3, 8.2, 7.1 | Critical | Async patch to ESXi80U3d-24585383 | None |
| VMware Cloud Foundation | 4.5.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | 9.3, 8.2, 7.1 | Critical | Async patch to ESXi70U3s-24585291 | None |
| VMware Telco Cloud Platform | 5.x, 4.x, 3.x, 2.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | 9.3, 8.2, 7.1 | Critical | KB389385 | None |
| VMware Telco Cloud Infrastructure | 3.x, 2.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | 9.3, 8.2, 7.1 | Critical | KB389385 | None |
You can also check my VMware Product Release page for more information regarding released products, release notes, and download links.
Sources:
Broadcom Blog Post
CERT.at
