
VMware Products Multiple Vulnerabilities

Release Date: 5 Mar 2025

RISK: High Risk

TYPE: Operating Systems - VM Ware

TYPE: VM Ware

Multiple vulnerabilities were identified in VMware products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure and data manipulation on the targeted system.

 

Note: CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226 are actively exploited in the wild. 

For CVE-2025-22224, a malicious actor with local administrative privileges may trigger this vulnerability to execute code as the virtual machine's VMX process running on the host.

For CVE-2025-22225, a malicious actor with privileges may trigger an arbitrary kernel write leading to an escape of the sandbox.

For CVE-2025-22226, a malicious actor with administrative privileges may trigger this vulnerability to leak memory from the vmx process.


Impact

  • Remote Code Execution
  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • VMware Cloud Foundation 4.5.x
  • VMware Cloud Foundation 5.x
  • VMware Fusion 13.x
  • VMware ESXi 7.0
  • VMware ESXi 8.0
  • VMware Telco Cloud Infrastructure 2.x, 3.x, 4.x, 5.x
  • VMware Telco Cloud Platform 2.x, 3.x
  • VMware Workstation 17.x

Solutions

Before installing the software, please visit the vendor website for more details.

 


Vulnerability Identifier


Source


Related Link