CVE-2025-22224
9.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| VMware | ESXi | 8.0 < ESXi80U3d-24585383 | affected |
| VMware | ESXi | 8.0 < ESXi80U2d-24585300 | affected |
| VMware | ESXi | 7.0 < ESXi70U3s-24585291 | affected |
| VMware | Workstation | 17.x < 17.6.3 | affected |
| VMware | VMware Cloud Foundation | 5.x, 4.5.x | affected |
| VMware | Telco Cloud Platform | 5.x, 4.x, 3.x, 2.x | affected |
| VMware | Telco Cloud Infrastructure | 3.x, 2.x | affected |
Weaknesses
- Heap-overflow vulnerability
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.