- 49/2025
- Critical
VMware has released a security update to fix several vulnerabilities across VMware ESXi, Workstation, and Fusion.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, escalate privileges, or execute arbitrary code, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. VMware ESXi, and Workstation Heap-Overflow Vulnerability (CVE-2025- 22224):
- CVSS: 9.3
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. VMware ESXi, Workstation, and Fusion HGFS Information Disclosure Vulnerability (CVE-2025-22226):
- CVSS: 7.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
It should be highlighted that VMware is aware that the three zero-day vulnerabilities “CVE-2025-22224, CVE-2025-22225, CVE-2025-22226” are being exploited in the wild.
Vulnerabilities
- CVE-2025-22224
- CVE-2025-22225
- CVE-2025-22226
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.