- 2024년 글로벌 반도체 매출 19% 증가··· 메모리 매출은 64% 급증
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers
- These Pixel earbuds are a must-have for Android users - and they're still on sale
- Apple Watch Series 9 vs. Series 8: Which model should you buy?
- SolarWinds buys Squadcast to speed incident response
VMware Warns Customers to Patch Actively Exploited Zero-Day Flaws
VMware has issued a critical security advisory, warning customers that three zero-day vulnerabilities are being actively exploited in the wild.
The vulnerabilities range from important to severe in severity levels, and impact the VMware ESXi, Workstation and Fusion products.
The flaws were reported to the cloud software firm by Microsoft Threat Intelligence Center.
Customers of the affected products have been urged to immediately apply updates to remediate the vulnerabilities, with no workarounds available.
No details have been provided on the identity of the threat actors who are exploiting the zero days.
New VMware Vulnerability Types
The first vulnerability detailed in the March 4 advisory is CVE-2025-22224, a heap-overflow issue assigned a severe CVSS base score of 9.3.
VMware ESXi and Workstation contain the Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write.
VMware said that a malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. VMX is a process that runs in the VMkernel that is responsible for handling input/output to devices that are not critical to performance.
The second vulnerability being actively exploited is an arbitrary write flaw contained in the VMware ESXi product, CVE-2025-22225. This has been assigned an important CVSS base score of 8.2.
A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
The final flaw listed in the advisory, CVE-2025-22226, is an information disclosure vulnerability in VMware ESXi, Workstation and Fusion. It is caused by an out-of-bounds read in HGFS.
A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process, VMware warned.
The vulnerability has been assigned as important, with a CVSS Score of 7.1.
Continued Exploitation of Software Vulnerabilities
The latest advisory follows extensive targeting of vulnerabilities in software products in the past year, enabling threat actors to compromise multiple organizations.
This includes by Chinese state-sponsored actors, who heavily exploited multiple Ivanti vulnerabilities in 2024.
Several ransomware groups, including Helldown and Play, have been observed targeting VMware environments to gain initial access to critical business systems and data.
Image credit: IB Photography / Shutterstock.com
