CVE-2025-22224

9.3

CVSS
Critical

PUBLISHED

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious...

Exploited in the wild Low complexity No user interaction

Vendor: VMware
Product: ESXi, Workstation, VMware Cloud Foundation, Telco Cloud Platform, Telco Cloud Infrastructure
Published: Mar 04, 2025
EPSS: —

Description

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

cisa nessus_scanner

CVSS scores

CVSS v3.1 9.3 Critical

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2025-03-04 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: total

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Mar 04, 2025

Scanner integrations

Scanner	Reference	Detected
Nessus	https://www.tenable.com/plugins/nessus/237304	Jun 02, 2025

Vulnerability detail