Back to KEVs

CVE-2025-22224

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor...

Basic Information

CVE State
PUBLISHED
Reserved Date
January 02, 2025
Published Date
March 04, 2025
Last Updated
April 03, 2025
Vendor
VMware
Product
ESXi, Workstation, VMware Cloud Foundation, Telco Cloud Platform, Telco Cloud Infrastructure
Description
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

CVSS Scores

CVSS v3.1

9.3 - CRITICAL

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2025-03-04 00:00:00 UTC) Source

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

Known Exploited Vulnerability Information

Source Added Date
CISA 2025-03-04 00:00:00 UTC