In a recent VMware Security Advisory, VMware disclosed several critical vulnerabilities affecting a range of products, including VMware ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Infrastructure. These vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) are actively being exploited in the wild, pose significant risks to virtualized environments, and demand immediate attention.
Impacted VMware Products and Versions
The vulnerabilities affect the following VMware products:
- VMware ESXi:
  - Versions prior to 8.0 Update 3d (Build 24585383).
  - Versions prior to 7.0 Update 3s (Build 24585291).
- VMware Workstation:
  - Versions prior to 17.6.3.
- VMware Fusion:
  - Versions prior to 13.6.3.
- VMware Cloud Foundation:
- VMware Telco Cloud Infrastructure:
What These Vulnerabilities Can Do
If left unpatched, these vulnerabilities can have severe consequences:
- Arbitrary Code Execution (CVE-2025-22224):
  - Exploiting this vulnerability allows attackers with administrative privileges on a virtual machine to execute arbitrary code on the host system. This could lead to complete control over the hypervisor, compromising all virtual machines running on the host.
- Privilege Escalation and Sandbox Escape (CVE-2025-22225):
  - Attackers can escape the virtual machine sandbox, gaining unauthorized access to the host system. This could enable them to manipulate system configurations, access sensitive data, or disrupt operations.
- Information Disclosure (CVE-2025-22226):
  - This vulnerability allows attackers to leak sensitive memory data, potentially exposing confidential information stored in the virtualized environment.
- Virtual Machine Escape:
  - Exploitation of these vulnerabilities can lead to a "VM escape," where attackers move from a compromised virtual machine to the underlying hypervisor. This could grant them access to all virtual machines on the host, as well as the host's storage and network configurations.
- Ransomware and Data Breaches:
  - Unpatched systems are prime targets for ransomware attacks. Attackers could encrypt critical data, disrupt business operations, and demand ransom payments. Additionally, sensitive data could be exfiltrated, leading to significant financial and reputational damage.
Required Patches
VMware has released patches to address these vulnerabilities:
- VMware ESXi:
  - For version 8.0: Apply Update 3d (Build 24585383) or Update 2d (Build 24585300).
  - For version 7.0: Apply Update 3s (Build 24585291).
- VMware Workstation: Upgrade to version 17.6.3.
- VMware Fusion: Upgrade to version 13.6.3.
- VMware Cloud Foundation: Apply the latest updates for versions 4.5.x and 5.x.
- VMware Telco Cloud Infrastructure: Apply the latest updates for versions 2.x and 3.x.
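One way to check an inventory against the fixed builds and versions listed above, as an added example that is not VMware's or Helient's code. It assumes input lines in the `vmware -v` style ("VMware ESXi 8.0.3 build-NNNNNNNN") or "VMware Workstation X.Y.Z", that build numbers only increase within an update level, and uses constructed sample hosts and build numbers.

```python
import re

# Fixed ESXi builds and desktop versions as listed on this page.
ESXI_FIXED = {(8, 0, 3): 24585383,   # 8.0 Update 3d
              (8, 0, 2): 24585300,   # 8.0 Update 2d
              (7, 0, 3): 24585291}   # 7.0 Update 3s
DESKTOP_FIXED = {"Workstation": (17, 6, 3), "Fusion": (13, 6, 3)}

# Assumed line format; the build suffix is only expected for ESXi.
LINE_RE = re.compile(
    r"VMware (ESXi|Workstation|Fusion) (\d+)\.(\d+)\.(\d+)(?: build-(\d+))?")

def assess(line):
    """Classify one inventory line as 'patched', 'vulnerable' or 'unknown'."""
    m = LINE_RE.search(line)
    if not m:
        return "unknown"
    product = m.group(1)
    version = tuple(int(g) for g in m.group(2, 3, 4))
    if product != "ESXi":
        return "patched" if version >= DESKTOP_FIXED[product] else "vulnerable"
    same_line = [v for v in ESXI_FIXED if v[:2] == version[:2]]
    if not same_line:
        return "unknown"             # release line not listed on this page
    fixed = ESXI_FIXED.get(version)
    if fixed is None:
        # Older update level: no fixed build exists for it, so an upgrade is
        # required. Newer update levels are outside what the page lists.
        return "vulnerable" if version < min(same_line) else "unknown"
    if m.group(5) is None:
        return "unknown"             # cannot decide without the build number
    return "patched" if int(m.group(5)) >= fixed else "vulnerable"

SAMPLE = [  # constructed inventory lines (host names and old builds are made up)
    "esx01  VMware ESXi 8.0.3 build-24585383",
    "esx02  VMware ESXi 8.0.3 build-24000000",
    "esx03  VMware ESXi 8.0.2 build-24585300",
    "esx04  VMware ESXi 7.0.2 build-17000000",
    "lab-pc VMware Workstation 17.6.2",
    "mac-7  VMware Fusion 13.6.3",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(f"{assess(entry):10}  {entry}")
```

Lines reported as "unknown" need a manual check against the vendor advisory rather than being treated as safe.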
Conclusion
Helient strongly recommends that customers act swiftly to apply the necessary patches to mitigate the identified vulnerabilities and protect their infrastructure. If you would like more information or assistance with mitigation, please contact our industry-leading experts at service@helient.com.