CVE-2025-22225

Summary

VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

Affected Software

VendorProductVersion RangeStatus
n/aVMware ESXi8.0 < ESXi80U3d-24585383affected
n/aVMware ESXi8.0 < ESXi80U2d-24585300affected
n/aVMware ESXi7.0 < ESXi70U3s-24585291affected
n/aVMware Cloud Foundation5.x, 4.5.xaffected
n/aVMware Telco Cloud Platform5.x, 4.x, 3.x, 2.xaffected
n/aVMware Telco Cloud Infrastructure3.x, 2.xaffected

Weaknesses

  • Arbitrary write vulnerability

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References