CVE-2025-22224

CRITICAL
Published 2025-03-04T11:56:12.317Z

CVSS Score

V3.1: 9.3 / 10
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14: 0.306 probability of exploitation in the wild

There is a 30.6% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.965
Higher than 96.5% of all CVEs

Attack Vector Metrics

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED

Impact Metrics

Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Description

VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Available Exploits

No exploits available for this CVE.

Related News

Web Shell to Ransomware: New VMware Attack Vector Exposed by Sygnia

Cybersecurity researchers at Sygnia have uncovered a new attack method that exploits recent VMware vulnerabilities (CVE-2025-22224, CVE-2025-22225, and …

SecurityOnline.info 2025-03-21 01:54

Over 37,000 VMware ESXi servers vulnerable to ongoing attacks

Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. [...]

BleepingComputer 2025-03-06 15:39

Broadcom fixes three VMware zero-days exploited in the wild; attackers with admin privileges can chain the flaws to escape the virtual machine's sandbox

Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. The vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) impact VMware ESX products, includi…

Biztoc.com 2025-03-06 06:30

CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited

Broadcom published an advisory for three flaws in several VMware products that were exploited in the wild as zero-days. Organizations are advised to apply the available patches. Background: On March 4, Broadcom published an advisory (VMSA-2025-0004) for three …

Tenable.com 2025-03-04 20:15

CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Critical VMware Vulnerabilities Exploited

Broadcom, the parent company of VMware, has released a critical security advisory (VMSA-2025-0004) detailing multiple vulnerabilities affecting VMware …

SecurityOnline.info 2025-03-04 11:21

Affected Products

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

Remediation Status: Overdue

Due Date: March 25, 2025

Added to KEV: March 4, 2025

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Product

Vendor/Project: VMware
Product: ESXi and Workstation

Ransomware Risk

Known Ransomware Use
KEV Catalog Version: 2025.03.04
Released: March 4, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-j652-46fv-w96g

Advisory Details

VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

CVSS Scoring

CVSS Score: 9.0

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Advisory provided by GitHub Security Advisory Database. Published: March 4, 2025, Modified: March 4, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

3 posts
Reddit 1 week, 2 days ago
crstux
Exploit

🔥 Top 10 Trending CVEs (16/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53833](https://nvd.nist.gov/vuln/detail/CVE-2025-53833)** - 📝 LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which …

2
2.0
High Risk
Reddit 1 week, 3 days ago
crstux
Exploit

🔥 Top 10 Trending CVEs (15/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-49706](https://nvd.nist.gov/vuln/detail/CVE-2025-49706)** - 📝 Microsoft SharePoint Server Spoofing Vulnerability - 📅 **Published:** 08/07/2025 - 📈 **CVSS:** 6.3 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C - 📣 **Mentions:** 3 - 📝 **Analysis:** A SharePoint Server spoofing …

2
2.0
High Risk
Reddit 1 week, 3 days ago
crstux
Exploit

🔥 Top 10 Trending CVEs (15/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-49706](https://nvd.nist.gov/vuln/detail/CVE-2025-49706)** - 📝 Microsoft SharePoint Server Spoofing Vulnerability - 📅 **Published:** 08/07/2025 - 📈 **CVSS:** 6.3 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C - 📣 **Mentions:** 3 - 📝 **Analysis:** A SharePoint Server spoofing …

1
1.0
High Risk

References

Published: 2025-03-04T11:56:12.317Z
Last Modified: 2025-04-03T14:39:46.987Z