Three vulnerabilities have been identified that impact ESXi products. All three can be chained together to allow VM escape to the host OS. The CVE IDs are listed below:

  • CVE-2025-22224: Located in the VMCI interface, which can allow an out-of-bounds memory write leading to a heap overflow. Rated 9.3.
  • CVE-2025-22225: Arbitrary write vulnerability that enables an attacker (with sufficient write privileges) to write into kernel memory, a privilege escalation that leads to sandbox escape. Rated 8.2.
  • CVE-2025-22226: Out-of-bounds memory read in the HGFS component leading to information leakage. Attackers with admin permissions in a VM can exploit this to leak memory from the VMX process. Rated 7.1.

VMware has confirmed that these vulnerabilities are being actively exploited in the wild.

Patches are available, and it is recommended to download them and patch affected products immediately. Due to the active exploitation of these vulnerabilities, the CyberMaxx team recommends performing a full compromise assessment. No exploits are publicly available, and indicators of compromise have not yet been released.

CyberMaxx is monitoring the situation and will provide updates and remediation guidelines as they become available over the coming days.

Official Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390