+- DoTheNeedful Forums (https://dotheneedful.online/forums)
+-- Forum: Technical Discussions (https://dotheneedful.online/forums/forumdisplay.php?fid=1)
+--- Forum: Cybersecurity (https://dotheneedful.online/forums/forumdisplay.php?fid=2)
+--- Thread: Who's affected by the recent zero-day vulnerabilities in ESXi? (/showthread.php?tid=22)
Who's affected by the recent zero-day vulnerabilities in ESXi? - mistiry - 03-12-2025
See: https://www.rapid7.com/blog/post/2025/03/04/etr-multiple-zero-day-vulnerabilities-in-broadcom-vmware-esxi-and-other-products/
- CVE-2025-22224 (CVSS 9.3): A Time-of-Check Time-of-Use (TOCTOU) vulnerability in VMware ESXi and Workstation that can lead to an out-of-bounds write condition. An attacker with local administrative privileges on a virtual machine could exploit this issue to execute code as the virtual machine's VMX process running on the host.
- CVE-2025-22225 (CVSS 8.2): An arbitrary write vulnerability in VMware ESXi that allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox.
- CVE-2025-22226 (CVSS 7.1): An information disclosure vulnerability in VMware ESXi, Workstation, and Fusion that arises from an out-of-bounds read in the Host Guest File System (HGFS). An attacker with administrative privileges to a virtual machine could exploit this issue to leak memory from the VMX process.
I don't directly deal with our ESXi systems at work, but they were up patching systems tonight for this. A few days late
but...NMFP!