The U.S. Cybersecurity and Infrastructure Security Agency (CISA) escalated warnings on March 4, 2025, by adding four severe vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog.
Federal agencies and private organizations are urged to prioritize mitigation efforts, as threat actors are actively weaponizing these flaws in VMware ESXi, Workstation, Fusion, and the Linux kernel.
CVE-2025-22225: VMware ESXi Arbitrary Write Vulnerability
VMware’s ESXi hypervisor (versions 7.0–8.0) contains a memory corruption flaw enabling authenticated attackers with administrative privileges to write arbitrary data to host systems.
This critical vulnerability (CVSS 9.1) facilitates hypervisor escapes, allowing attackers to compromise underlying hardware or adjacent virtual machines.
VMware released patches in ESXi 8.0 P2, but reports indicate at least three advanced persistent threat (APT) groups have integrated this exploit into their attack chains.
CVE-2025-22224: VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
A time-of-check-to-time-of-use (TOCTOU) race condition in VMware ESXi (7.0–8.0) and Workstation (17.0–17.5) allows attackers to manipulate virtual machine operations mid-execution.
Exploiting this flaw could lead to denial-of-service conditions or lateral movement within virtualized environments.
CISA confirms active exploitation in ransomware attacks targeting the healthcare and energy sectors. Mitigation requires updating to Workstation 17.5.1 or ESXi 8.0 P1.
CVE-2025-22226: VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability
This medium-severity flaw (CVSS 6.5) in VMware’s virtualization suite allows unauthorized actors to access sensitive host system data, including credentials and configuration files.
While it is less severe than the other CVEs, attackers are leveraging it to gather intelligence for multi-stage attacks. VMware has issued patches for ESXi (8.0 P2), Workstation (17.5.1), and Fusion (13.5.1).
Under Binding Operational Directive (BOD) 22-01, federal agencies must remediate these vulnerabilities by March 18, 2025.
Private enterprises, though not legally bound, face heightened risks: VMware products underpin over 70% of global enterprise virtual infrastructure.
CISA’s executive assistant director, Matt Hartman, emphasized, “These exploits are usually not theoretical—they’re actively enabling damaging attacks. Patching isn’t optional; it’s a survival requirement in today’s threat landscape.”
As virtualization technologies become ubiquitous, this advisory underscores the critical need for organizations to adopt automated patch management systems and segment virtual networks to contain breaches.
With VMware vulnerabilities accounting for 34% of all KEV entries in 2025, the stakes for cybersecurity teams have never been higher.