{"uuid": "79d4e281-e369-43ce-8b91-ea57a0895ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22226", "type": "exploited", "source": "https://t.me/cIub1337/49", "content": "Multiple critical vulnerabilities have been identified in VMware products, with evidence of active exploitation by ransomware groups.\n\nOrganizations using these products should urgently apply the recommended patches to mitigate potential risks.\n\n 1. CISA Adds Four Known Exploited Vulnerabilities to Catalog: On March 4, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities Catalog to include four new vulnerabilities:\n \u2022 CVE-2024-50302: A Linux Kernel Use of Uninitialized Resource Vulnerability.\n \u2022 CVE-2025-22225: A VMware ESXi Arbitrary Write Vulnerability.\n \u2022 CVE-2025-22224: A VMware ESXi and Workstation TOCTOU Race Condition Vulnerability.\n \u2022 CVE-2025-22226: A VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability.\nCISA emphasizes that these vulnerabilities are actively exploited and pose significant risks, urging organizations to prioritize timely remediation as part of their vulnerability management practices.\n 2. Kevin Beaumont\u2019s Cyberplace Post: Cybersecurity expert Kevin Beaumont highlighted that three different zero-day vulnerabilities in VMware products are currently under active exploitation. He noted that these vulnerabilities are being leveraged by threat actors, underscoring the critical need for immediate patching and mitigation efforts.\n 3. Broadcom Security Advisory (VMSA-2025-0004): On March 4, 2025, Broadcom released a security advisory addressing multiple vulnerabilities in VMware products:\n \u2022 CVE-2025-22224: A critical heap-overflow vulnerability in VMware ESXi and Workstation that could allow a malicious actor with local administrative privileges on a virtual machine to execute code as the VMX process on the host.\n \u2022 CVE-2025-22225: An arbitrary write vulnerability in VMware ESXi, enabling a malicious actor with VMX process privileges to perform arbitrary kernel writes, potentially leading to a sandbox escape.\n \u2022 CVE-2025-22226: An information disclosure vulnerability in VMware ESXi, Workstation, and Fusion due to an out-of-bounds read in HGFS, which could allow an attacker with administrative privileges on a virtual machine to leak memory from the VMX process.\nBroadcom has released patches to address these vulnerabilities and recommends that affected users apply them promptly.\n\n#ransomware #vmware\n\nTelegram   \u2709\ufe0f @cIub1337\nX (Twitter) \ud83d\udd4a @club31337", "creation_timestamp": "2025-03-10T18:48:29.000000Z"}