CVE-2025-22225
8.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | VMware ESXi | 8.0 < ESXi80U3d-24585383 | affected |
| n/a | VMware ESXi | 8.0 < ESXi80U2d-24585300 | affected |
| n/a | VMware ESXi | 7.0 < ESXi70U3s-24585291 | affected |
| n/a | VMware Cloud Foundation | 5.x, 4.5.x | affected |
| n/a | VMware Telco Cloud Platform | 5.x, 4.x, 3.x, 2.x | affected |
| n/a | VMware Telco Cloud Infrastructure | 3.x, 2.x | affected |
Weaknesses
- Arbitrary write vulnerability
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.