Critical vulnerability in VMware ESXi, Fusion and Workstation is being abused

Broadcom warns of security vulnerabilities, some of them critical, in VMware ESXi, Fusion and Workstation. Attackers are already exploiting them.

[Image: stylized graphic of a burning VMware logo on a laptop. Caption: Security gaps in VMware products put users at risk. Image created with AI in Bing Designer by heise online / dmk]

The developers have identified vulnerabilities in VMware ESXi, Fusion, and Workstation that could allow attackers to break out of virtual machines, and attackers are already doing so in the wild. Updated software is available to fix the vulnerabilities. Admins should install the updates immediately.

Broadcom discusses the flaws in a security bulletin for the VMware products. The most serious is a Time-of-Check to Time-of-Use (TOCTOU) vulnerability that can lead to writes outside the intended memory bounds, i.e. a heap overflow. Malicious actors with admin rights in a virtual machine can abuse it to execute code in the VMX process on the host (CVE-2025-22224, CVSS 9.3, risk “critical”).
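To show what the TOCTOU pattern behind such a heap overflow looks like and how it is closed, here is an added C example. It is not VMware's code and not taken from the advisory; it assumes a simplified message layout (a length field plus payload in memory the untrusted peer can rewrite at any time) and uses a hook function to stand in for the concurrent write that a real race would need. The vulnerable handler reads the length from shared memory twice, once for the check and once for the copy; the hardened handler snapshots it into private storage first and validates and uses only that copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not VMware code: a double-fetch (TOCTOU) on a length
 * field that lives in memory an untrusted peer can rewrite at any time. */

#define LIMIT  64     /* bytes the handler is allowed to copy */
#define CANARY 0xA5   /* marks the destination region past LIMIT */

/* Constructed message shared with the peer; the peer may change len
 * between the handler's check and its use, so len is volatile. */
struct shared_msg {
    volatile uint32_t len;
    uint8_t data[256];
};

typedef void (*race_hook_t)(struct shared_msg *);

/* Vulnerable pattern: len is fetched from shared memory twice. */
static int copy_double_fetch(struct shared_msg *msg, uint8_t *dst, race_hook_t hook)
{
    if (msg->len > LIMIT)              /* check: first fetch */
        return -1;
    if (hook)
        hook(msg);                     /* stands in for the peer racing the handler */
    memcpy(dst, msg->data, msg->len);  /* use: second fetch, may now exceed LIMIT */
    return (int)msg->len;
}

/* Hardened pattern: snapshot len once, then validate and use the snapshot. */
static int copy_single_fetch(struct shared_msg *msg, uint8_t *dst, race_hook_t hook)
{
    uint32_t len = msg->len;           /* single fetch into private storage */
    if (len > LIMIT)
        return -1;
    if (hook)
        hook(msg);                     /* a later peer write cannot change len */
    memcpy(dst, msg->data, len);
    return (int)len;
}

/* Constructed race: the peer enlarges len after the check has passed. */
static void peer_enlarges_len(struct shared_msg *msg)
{
    msg->len = 200;
}

/* Runs one handler against the race and returns how many bytes landed
 * past LIMIT (0 means the bound held). dst is deliberately oversized so
 * the demonstration itself never leaves a valid allocation. */
static int bytes_past_limit(int (*handler)(struct shared_msg *, uint8_t *, race_hook_t))
{
    struct shared_msg msg;
    uint8_t dst[256];
    int overflowed = 0;

    msg.len = 16;                                  /* passes the check */
    memset(msg.data, 0x41, sizeof msg.data);       /* constructed payload */
    memset(dst, CANARY, sizeof dst);

    (void)handler(&msg, dst, peer_enlarges_len);

    for (size_t i = LIMIT; i < sizeof dst; i++)
        if (dst[i] != CANARY)
            overflowed++;
    return overflowed;
}

int main(void)
{
    printf("double fetch: %d bytes past limit\n", bytes_past_limit(copy_double_fetch));
    printf("single fetch: %d bytes past limit\n", bytes_past_limit(copy_single_fetch));
    return 0;
}
```

The point for reviewers of guest-facing or device-facing handlers is the general rule: every value read from memory the other side controls is copied exactly once, and every check and every use refers to that copy, never back to the shared location.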

Attackers can also exploit a vulnerability that allows arbitrary writes. With privileges within the VMX process, they can trigger an arbitrary kernel write and thus break out of the sandbox (CVE-2025-22225, CVSS 8.2, risk “high”). The third vulnerability enables unauthorized disclosure of information because of possible out-of-bounds reads in the host-guest file system (HGFS). Attackers need admin rights in a VM and can then read memory from the VMX process (CVE-2025-22226, CVSS 7.1, risk “high”).


Broadcom states that it has information that all three vulnerabilities are already being exploited. It does not mention any workarounds, so the only remedy is to download and install the updates as quickly as possible.

Security updates are available for VMware ESXi 7.0 (70U3s), 8.0 (80U2d & 80U3d), VMware Workstation 17.x (17.6.3), VMware Fusion 13.x (13.6.3), VMware Cloud Foundation 4.5.x (70U3s) and 5.x (80U3d) and finally for VMware Telco Cloud Platform 2.x, 3.x, 4.x and 5.x as well as VMware Telco Cloud Infrastructure 2.x and 3.x (KB389385). Specific links can be found in the security bulletin.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.