Summary: Broadcom has issued urgent patches for three critical vulnerabilities in its VMware ESXi, Workstation, and Fusion technologies that are being actively exploited. These vulnerabilities require an attacker to have administrative access but can allow them to gain control of the underlying host and potentially compromise entire virtual environments. Organizations must apply these patches by March 25 or cease using affected products as mandated by CISA.
Affected: VMware ESXi, Workstation, Fusion
Keypoints :
- Three critical zero-day vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) have been identified with high CVSS scores.
- Attackers with administrative access can exploit these vulnerabilities to escape VMs and compromise the host system, leading to widespread attacks.
- CISA has added these vulnerabilities to its list, requiring federal agencies to patch or stop using affected products by March 25.
Source: https://www.darkreading.com/vulnerabilities-threats/vmware-zero-day-bugs-sandbox-escape
Views: 34