Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center.
The vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) affect VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform.
Attackers with privileged administrator or root access can chain these flaws to escape the virtual machine's sandbox.
“This is a situation where an attacker who has already compromised a virtual machine's guest OS and gained privileged access (administrator or root) could move into the hypervisor itself,” the company explained today. “Broadcom has information to suggest that exploitation of these issues has occurred ‘in the wild’.”
Broadcom says CVE-2025-22224 is a VMCI heap-overflow vulnerability that lets local attackers with administrative privileges on the targeted virtual machine execute code as the VMX process running on the host.
CVE-2025-22225 is an arbitrary-write vulnerability in ESXi that allows the VMX process to trigger an arbitrary kernel write, leading to a sandbox escape, while CVE-2025-22226 is described as an HGFS information-disclosure flaw that lets threat actors with admin privileges leak memory from the VMX process.
A Microsoft spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today for more details about these three zero-days.
VMware vulnerabilities are frequently targeted by ransomware gangs and state-backed hacking groups, because the products are commonly used in enterprises to store or transfer sensitive corporate data.
More recently, in November, Broadcom warned that attackers were actively exploiting two VMware vCenter Server vulnerabilities that had been fixed in September. One allows privilege escalation to root (CVE-2024-38813), while the other is a critical remote code execution flaw (CVE-2024-38812) that was reported during the 2024 Matrix Cup hacking contest in China.
In January 2024, Broadcom also said that Chinese state hackers had used a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021 to deploy the VirtualPita and VirtualPie backdoors on vulnerable ESXi hosts.