VMware ESXi Hypervisor Escape – CVE-2025-22224 and 2 Others

Request an audit

Wednesday 12th March 2025

VMware ESXi Hypervisor Escape

Broadcom published a security bulletin on 3rd March detailing 3 VMware ESXi vulnerabilities:

CVE-2025-22224 (CVSS v3.1: 9.3 [Critical]) is a VMCI heap-overflow vulnerability that enables local attackers with administrator privileges in a VM to escape and execute commands on the hypervisor host.
CVE-2025-22225 (CVSS v3.1: 8.2 [High]) is a VMware ESXi arbitrary write vulnerability that enables local attackers with administrator privileges in a VM to escape and execute commands on the hypervisor host.
CVE-2025-22226 (CVSS v3.1: 7.1 [High]) is an HGFS information-disclosure vulnerability.

The latest threat intelligence from The Shadowserver Foundation shows that companies are making progress in patching these vulnerabilities. On 6th March, 41,000 instances were vulnerabilities. On 11th March, 35,565 instances worldwide were vulnerable. In Europe, 9-10,000 instances were vulnerable.

Affected Products

VMware Product	Version	Running On	CVE	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
VMware ESXi	8.0	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	ESXi80U3d-24585383	None	FAQ
VMware ESXi	8.0	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	ESXi80U2d-24585300	None	FAQ
VMware ESXi	7.0	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	ESXi70U3s-24585291	None	FAQ
VMware Workstation	17.x	Any	CVE-2025-22224, CVE-2025-22226	9.3, 7.1	Critical	17.6.3	None	FAQ
VMware Fusion	13.x	Any	CVE-2025-22226	7.1	Important	13.6.3	None	FAQ
VMware Cloud Foundation	5.x	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	Async patch to ESXi80U3d-24585383	None	Async Patching Guide: KB88287
VMware Cloud Foundation	4.5.x	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	Async patch to ESXi70U3s-24585291	None	Async Patching Guide: KB88287
VMware Telco Cloud Platform	5.x, 4.x, 3.x, 2.x	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	KB389385	None	FAQ
VMware Telco Cloud Infrastructure	3.x, 2.x	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	KB389385	None	FAQ

Services

IT security assessment

Security & network assessment

Ethical hacking

OT/IoT security assessment

Red & Blue Teaming

Microsoft Identity assessment

Governance

Decision tree

GDPR assessment

NIS2 assessment

ISO 27k assessment

Social engineering

Networking

Security & network assessment

OT/IoT network assessment

Identify

Managed services

Network Operations Centre (NOC)

Security Operations Centre (SOC)

Network as a Service (NaaS)

Security Governance

UBA

Governance

Chief Information Security Officer (CISO)

Information Security Officer (ISO)

Social engineering

Security awareness training

Information Protection & Governance

Security & networking optimization

OT Network segmentation

Secure Remote Access for OT

Industrial connectivity

High-level design

Wireless/wired networking

Prevent & protect

Managed services

Security Operations Center (SOC)

CSIRT

OT Threat monitoring & response

Managed services for OT

Network Operations Centre (NOC)

Governance

Chief Information Security Officer (CISO)

Data Protection Officer (DPO)

Detect & respond

Managed services

Network Operations Centre (NOC)

Security Operations Centre (SOC)

Network as a Service (NaaS)

CISO as a Service

DPO as a Service

Governance

Chief Information Security Officer (CISO)

Data Protection Officer (DPO)

Recover

VMware ESXi Hypervisor Escape – CVE-2025-22224 and 2 Others

VMware ESXi Hypervisor Escape

Affected Products

Ready to discuss your security needs?