{"id":325,"date":"2025-03-06T21:25:07","date_gmt":"2025-03-06T21:25:07","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4295892"},"modified":"2025-03-06T21:25:07","modified_gmt":"2025-03-06T21:25:07","slug":"critical-zero-day-vulnerabilities-found-in-these-vmware-products","status":"publish","type":"post","link":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/","title":{"rendered":"Critical Zero-Day Vulnerabilities Found in These VMware Products"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/zero-day-vulnerability-vmware-broadcom-microsoft-.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Broadcom has patched three actively exploited zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion, discovered by Microsoft\u2019s Threat Intelligence Center. The flaws, which were being leveraged in real-world attacks at the time of discovery, could allow attackers with administrator or root access to a virtual machine to breach the underlying hypervisor, potentially exposing all connected VMs and sensitive data.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_do_these_vulnerabilities_work\"><\/span>How do these vulnerabilities work?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If a threat actor gains administrative access to a virtual machine\u2019s guest OS, they can escalate privileges and break into the hypervisor. Once inside, they could manipulate or access other virtual machines running on the same hypervisor, posing a significant security risk.<\/p>\n<p>The three vulnerabilities are:<\/p>\n<ul>\n<li><strong>CVE-2025-22224:<\/strong>&nbsp;A Time-of-Check Time-of-Use (TOCTOU) vulnerability in VMware ESXi and Workstation which can lead to an out-of-bounds write condition if an attacker already has admin privileges.<\/li>\n<li><strong>CVE-2025-22225:&nbsp;<\/strong>An arbitrary write vulnerability in VMware ESXi.<\/li>\n<li><strong>CVE-2025-22226:&nbsp;<\/strong>An information disclosure vulnerability in VMware ESXi, Workstation, and Fusion that could be used to leak memory.<\/li>\n<\/ul>\n<p>To remediate the vulnerabilities, customers should apply the patches found in&nbsp;<a href=\"https:\/\/support.broadcom.com\/web\/ecx\/support-content-notification\/-\/external\/content\/SecurityAdvisories\/0\/25390\" target=\"_blank\" rel=\"noopener\">Broadcom\u2019s notification<\/a>. All versions of VMware ESX, VMware vSphere, VMware Cloud Foundation, or VMware Telco Cloud Platform are affected, except those with the newest update.<\/p>\n<p><strong>SEE:&nbsp;<\/strong><a href=\"https:\/\/www.techrepublic.com\/article\/chrome-extension-firefox-ublock-origin\/\"><strong>Google Chrome\u2019s switch to Manifest V3<\/strong><\/a><strong>&nbsp;continues to break ad blockers such as uBlock Origin.<\/strong><\/p>\n<aside class=\"pinbox right\">\n<h3 class=\"heading\">Must-read security coverage<\/h3>\n<\/aside>\n<h2><span class=\"ez-toc-section\" id=\"Which_products_are_affected\"><\/span>Which products are affected?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The following products are affected by all three CVEs (<a href=\"https:\/\/www.rapid7.com\/blog\/post\/2025\/03\/04\/etr-multiple-zero-day-vulnerabilities-in-broadcom-vmware-esxi-and-other-products\/\" target=\"_blank\" rel=\"noopener\">via Rapid7<\/a>):<\/p>\n<ul>\n<li>Broadcom VMware ESXi 7.0 and 8.0.<\/li>\n<li>Broadcom VMware Cloud Foundation 4.5.x and 5.x.<\/li>\n<li>Broadcom VMware Telco Cloud Platform 5.x, 4.x, 3.x, and 2.x.<\/li>\n<li>Broadcom VMware Telco Cloud Infrastructure 3.x and 2.x.<\/li>\n<\/ul>\n<p>The following product is vulnerable to CVE-2025-22224 and CVE-2025-22226 specifically:<\/p>\n<ul>\n<li>Broadcom VMware Workstation 17.x.<\/li>\n<\/ul>\n<p>The following product is vulnerable to CVE-2025-22226 specifically:<\/p>\n<ul>\n<li>Broadcom VMware Fusion 13.x.<\/li>\n<\/ul>\n<p>VMware\u2019s Live Patch feature will not apply the patches automatically in this case.<\/p>\n<p>VMware Cloud Foundation Operations, Automation, Aria Suite, and VMware NSX are not affected.<\/p>\n<p>Last year, VMware ESXi servers were hit by a double-extortion&nbsp;<a href=\"https:\/\/www.techrepublic.com\/article\/vmware-esxi-ransomware-cicada3301\/\">ransomware variant<\/a>, with the threat actors impersonating a real organization.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Broadcom has patched three actively exploited zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion, discovered by Microsoft\u2019s Threat Intelligence Center. The flaws, which were being leveraged in real-world attacks at the time of discovery, could allow attackers with administrator or root access to a virtual machine to breach the underlying hypervisor, potentially exposing all connected [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":326,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-325","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Critical Zero-Day Vulnerabilities Found in These VMware Products - TecnoArtesanos Tech Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical Zero-Day Vulnerabilities Found in These VMware Products - TecnoArtesanos Tech Blog\" \/>\n<meta property=\"og:description\" content=\"Broadcom has patched three actively exploited zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion, discovered by Microsoft\u2019s Threat Intelligence Center. The flaws, which were being leveraged in real-world attacks at the time of discovery, could allow attackers with administrator or root access to a virtual machine to breach the underlying hypervisor, potentially exposing all connected [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/\" \/>\n<meta property=\"og:site_name\" content=\"TecnoArtesanos Tech Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-06T21:25:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/zero-day-vulnerability-vmware-broadcom-microsoft-.jpg\" \/>\n<meta name=\"author\" content=\"Sergio Morales\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sergio Morales\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/\",\"url\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/\",\"name\":\"Critical Zero-Day Vulnerabilities Found in These VMware Products - TecnoArtesanos Tech Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.tecnoartesanos.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.tecnoartesanos.com\/wp-content\/uploads\/2025\/03\/critical-zero-day-vulnerabilities-found-in-these-vmware-products.jpg\",\"datePublished\":\"2025-03-06T21:25:07+00:00\",\"author\":{\"@id\":\"https:\/\/blog.tecnoartesanos.com\/#\/schema\/person\/ec88bc1410fd158963717c4216f04807\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/#primaryimage\",\"url\":\"https:\/\/blog.tecnoartesanos.com\/wp-content\/uploads\/2025\/03\/critical-zero-day-vulnerabilities-found-in-these-vmware-products.jpg\",\"contentUrl\":\"https:\/\/blog.tecnoartesanos.com\/wp-content\/uploads\/2025\/03\/critical-zero-day-vulnerabilities-found-in-these-vmware-products.jpg\",\"width\":1400,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.tecnoartesanos.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical Zero-Day Vulnerabilities Found in These VMware Products\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/#website\",\"url\":\"https:\/\/blog.tecnoartesanos.com\/\",\"name\":\"TecnoArtesanos Tech Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.tecnoartesanos.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/#\/schema\/person\/ec88bc1410fd158963717c4216f04807\",\"name\":\"Sergio Morales\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.tecnoartesanos.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3d45178fc8fbbe32d39278bc504fa9093f947f406ff4f1ddcfa27505ab772184?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3d45178fc8fbbe32d39278bc504fa9093f947f406ff4f1ddcfa27505ab772184?s=96&d=mm&r=g\",\"caption\":\"Sergio Morales\"},\"sameAs\":[\"https:\/\/sergiomorales.space\"],\"url\":\"https:\/\/blog.tecnoartesanos.com\/index.php\/author\/sergiomorales\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical Zero-Day Vulnerabilities Found in These VMware Products - TecnoArtesanos Tech Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/","og_locale":"en_US","og_type":"article","og_title":"Critical Zero-Day Vulnerabilities Found in These VMware Products - TecnoArtesanos Tech Blog","og_description":"Broadcom has patched three actively exploited zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion, discovered by Microsoft\u2019s Threat Intelligence Center. The flaws, which were being leveraged in real-world attacks at the time of discovery, could allow attackers with administrator or root access to a virtual machine to breach the underlying hypervisor, potentially exposing all connected [&hellip;]","og_url":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/","og_site_name":"TecnoArtesanos Tech Blog","article_published_time":"2025-03-06T21:25:07+00:00","og_image":[{"url":"https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/zero-day-vulnerability-vmware-broadcom-microsoft-.jpg","type":"","width":"","height":""}],"author":"Sergio Morales","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sergio Morales","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/","url":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/","name":"Critical Zero-Day Vulnerabilities Found in These VMware Products - TecnoArtesanos Tech Blog","isPartOf":{"@id":"https:\/\/blog.tecnoartesanos.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/#primaryimage"},"image":{"@id":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.tecnoartesanos.com\/wp-content\/uploads\/2025\/03\/critical-zero-day-vulnerabilities-found-in-these-vmware-products.jpg","datePublished":"2025-03-06T21:25:07+00:00","author":{"@id":"https:\/\/blog.tecnoartesanos.com\/#\/schema\/person\/ec88bc1410fd158963717c4216f04807"},"breadcrumb":{"@id":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/#primaryimage","url":"https:\/\/blog.tecnoartesanos.com\/wp-content\/uploads\/2025\/03\/critical-zero-day-vulnerabilities-found-in-these-vmware-products.jpg","contentUrl":"https:\/\/blog.tecnoartesanos.com\/wp-content\/uploads\/2025\/03\/critical-zero-day-vulnerabilities-found-in-these-vmware-products.jpg","width":1400,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/06\/critical-zero-day-vulnerabilities-found-in-these-vmware-products\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.tecnoartesanos.com\/"},{"@type":"ListItem","position":2,"name":"Critical Zero-Day Vulnerabilities Found in These VMware Products"}]},{"@type":"WebSite","@id":"https:\/\/blog.tecnoartesanos.com\/#website","url":"https:\/\/blog.tecnoartesanos.com\/","name":"TecnoArtesanos Tech Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.tecnoartesanos.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.tecnoartesanos.com\/#\/schema\/person\/ec88bc1410fd158963717c4216f04807","name":"Sergio Morales","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.tecnoartesanos.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3d45178fc8fbbe32d39278bc504fa9093f947f406ff4f1ddcfa27505ab772184?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3d45178fc8fbbe32d39278bc504fa9093f947f406ff4f1ddcfa27505ab772184?s=96&d=mm&r=g","caption":"Sergio Morales"},"sameAs":["https:\/\/sergiomorales.space"],"url":"https:\/\/blog.tecnoartesanos.com\/index.php\/author\/sergiomorales\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/posts\/325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/comments?post=325"}],"version-history":[{"count":0,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/posts\/325\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/media\/326"}],"wp:attachment":[{"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/media?parent=325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/categories?post=325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tecnoartesanos.com\/index.php\/wp-json\/wp\/v2\/tags?post=325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}