In this week’s Security Advisory:
- Multiple VMware Zero Days Under Active Exploitation
- Android Patches Actively Exploited Vulnerability in February Patch Cycle
- Cisco Patches Credential Exposure Vulnerability
- Paragon Partition Manager Driver Vulnerability Under Active Exploitation
- Security Updates Released for Google Chrome and Mozilla Products
Multiple VMware Zero Days Under Active Exploitation
Broadcom has released patches for three vulnerabilities affecting VMware products. These vulnerabilities, CVE-2025-22224 (CVSS 9.3/10), CVE-2025-22225 (CVSS 8.2/10), and CVE-2025-22226 (CVSS 7.1/10), can be chained together to allow a malicious actor with admin privileges or root access to escape the VM’s sandbox. Broadcom has confirmed that these have been exploited in the wild.
Affected Versions
- VMware ESXi 8.0, 7.0.
- VMware Workstation 17.x.
- VMware Fusion 13.x.
- VMware Cloud Foundation 5.x, 4.5x.
- VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x.
- VMware Telco Cloud Infrastructure 3.x, 2.x.
Recommendations
- Apply the released patches.
More Reading / Information
- https://www.cybermaxx.com/resources/3-vulnerabilities-identified-in-vmwares-esxi-allowing-for-vm-escape/
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
- https://www.bleepingcomputer.com/news/security/broadcom-fixes-three-vmware-zero-days-exploited-in-attacks/
Android Patches Actively Exploited Vulnerability in February Patch Cycle
Android published its March Security Bulletin, which addresses over forty vulnerabilities, two of which are under active exploitation. The first, CVE-2024-43093 (CVSS 7.8/10), allows a threat actor to bypass a file path filter, which can lead to privilege escalation. The second, CVE-2024-50302, is a zero-initialization issue in the Linux kernel that can lead to memory leaks.
Affected Versions
A full list of affected versions can be found here.
Recommendations
Apply the latest patches.
More Reading / Information
- https://source.android.com/docs/security/bulletin/2025-03-01
- https://nvd.nist.gov/vuln/detail/CVE-2024-43093
- https://nvd.nist.gov/vuln/detail/CVE-2024-50302
Cisco Patches Credential Exposure Vulnerability
Cisco has pushed out updates to its Webex for BroadWorks application to address a new vulnerability that allowed unauthenticated attackers to access credentials remotely. Cisco has yet to assign a CVE ID to track this vulnerability. A remote attacker can exploit it because of an insecure transport configuration for SIP communication, which can lead to credential exposure.
Affected Versions
- Cisco Webex for BroadWorks (on-premises and hybrid cloud) running in a Windows environment.
Recommendations
- Cisco has pushed updates to the application. Restart the application to apply these changes.
- Rotate credentials so that any that may have been compromised cannot be abused.
More Reading / Information
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-credexp-xMN85y6
- https://www.bleepingcomputer.com/news/security/cisco-warns-of-webex-for-broadworks-flaw-exposing-credentials/
Paragon Partition Manager Driver Vulnerability Under Active Exploitation
Threat actors have used five vulnerabilities in Paragon drivers to escalate privileges and execute arbitrary code. These vulnerabilities can be chained together to allow malicious actors to compromise devices and deploy ransomware. Since this is under active exploitation, it is recommended to apply the patches as soon as you are able.
Affected Versions
- Paragon Hard Disk Manager 15-17 (all editions, until 17.39).
- Paragon Partition Manager 15-17 (all editions, until 17.39).
- Paragon Backup & Recovery 15-17 (all editions, until 17.39).
- Paragon Drive Copy 15-16.
- Paragon Disk Wiper 15-16.
- Paragon Migrate OS to SSD 4-5.
Recommendations
Apply the updates for the affected products. The full steps can be found here.
More Reading / Information
- https://paragon-software.zendesk.com/hc/en-us/articles/32993902732817-IMPORTANT-Paragon-Driver-Security-Patch-for-All-Products-of-Hard-Disk-Manager-Product-Line-Biontdrv-sys
- https://www.securityweek.com/vulnerable-paragon-driver-exploited-in-ransomware-attacks/
Security Updates Released for Google Chrome and Mozilla Products
Google has released an updated version of Chrome that addresses fourteen new vulnerabilities. Successful exploitation of these can lead to code execution, data corruption, and denial of service. Mozilla has released updates to Firefox ESR, Thunderbird, and Thunderbird ESR to address fifteen vulnerabilities, including eight high-severity vulnerabilities.
Recommendations
- Update Google Chrome to 134.0.6998.45 for Windows and Mac, and 134.0.6998.44 for Linux.
- Recent versions of Google Chrome have auto-update enabled by default. Organizations should confirm that the setting is not disabled and that they are not running any versions where auto-update was not enabled by default. If browsers are not set to auto-update, organizations need to communicate the need to update to their users. Following up to confirm that the updates have actually been applied is essential. Additionally, browsers must be restarted to apply updates.
- Update Mozilla Firefox ESR and Thunderbird ESR to version 128.8.
- Update Mozilla Thunderbird to version 136.
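One way to do the follow-up confirmation described above, as an added example that is not part of the original advisory: it compares a software inventory against the fixed browser and mail-client versions listed in these recommendations. The inventory rows, host names, and product keys are constructed, and the script assumes the inventory records the ESR channel separately from the regular Thunderbird release.

```python
# Minimum fixed versions, copied from the recommendations in this advisory.
FIXED = {
    ("chrome", "windows"): "134.0.6998.45",
    ("chrome", "mac"): "134.0.6998.45",
    ("chrome", "linux"): "134.0.6998.44",
    ("firefox-esr", "*"): "128.8",
    ("thunderbird-esr", "*"): "128.8",
    ("thunderbird", "*"): "136",
}

def parse_version(text):
    """'134.0.6998.45' -> (134, 0, 6998, 45); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def is_outdated(installed, fixed):
    """Numeric comparison; the shorter version is zero-padded (128.8 == 128.8.0)."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def audit(inventory):
    """Return (host, product, installed, fixed) for every row that needs attention.
    Unparseable versions get fixed='UNKNOWN' instead of being treated as patched."""
    findings = []
    for host, product, platform, installed in inventory:
        fixed = FIXED.get((product, platform)) or FIXED.get((product, "*"))
        if fixed is None:
            continue  # product is not covered by this advisory
        try:
            if is_outdated(installed, fixed):
                findings.append((host, product, installed, fixed))
        except ValueError:
            findings.append((host, product, installed, "UNKNOWN"))
    return findings

# Constructed sample inventory: (host, product, platform, installed version).
SAMPLE = [
    ("ws-01", "chrome", "windows", "134.0.6998.45"),
    ("ws-02", "chrome", "windows", "134.0.6998.44"),
    ("lx-01", "chrome", "linux", "134.0.6998.44"),
    ("ws-03", "firefox-esr", "windows", "128.7.0"),
    ("ws-04", "thunderbird", "mac", "136.0"),
    ("ws-05", "thunderbird-esr", "windows", "128.8.0esr"),
    ("ws-06", "example-app", "windows", "24.09"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Versions are compared as integer tuples because a plain string comparison would rank 134.0.6998.100 below 134.0.6998.45.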
More Reading / Information
- https://www.mozilla.org/en-US/security/advisories/
- https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.