New VMware Attack Vector Goes From Web Shell to Ransomware

Summary: Researchers at Sygnia have identified a new attack method that leverages vulnerabilities in VMware, allowing malicious actors to escape virtual machines and deploy ransomware across corporate networks. The report illustrates how attackers can exploit web server weaknesses to gain unauthorized access to VMware’s ESXi hypervisor and emphasizes the urgent need for improved security measures. The active exploitation of these vulnerabilities presents significant risks, highlighting the limitations of existing security controls in virtualization environments.

Affected: VMware environments and organizations using ESXi hypervisors

Key points:

  • New exploit methods leverage vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) to bypass network security and deploy ransomware.
  • Attackers target web servers to gain entry, with any exposed VM serving as a potential entry point into the network.
  • Security teams face limited visibility, as typical security agents are not deployed on ESXi hosts, allowing attacks to go undetected.

Source: https://securityonline.info/web-shell-to-ransomware-new-vmware-attack-vector-exposed-by-sygnia/