CVE-2025-22226: CVE-2025-22226 is a high-severity information disclosure vulnerability caused by an out-of-bounds read in HGFS. It affects VMware ESXi, Workstation, and Fusion. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.


Description Preview

CVE-2025-22226 is a high-severity vulnerability that affects VMware ESXi, Workstation, and Fusion. It is caused by an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process, resulting in information disclosure. The vulnerability has a CVSS v3.1 base score of 7.1 (high). It is exploitable with low attack complexity and does not require user interaction.

Overview

The vulnerability was discovered in VMware ESXi, Workstation, and Fusion. It is caused by an out-of-bounds read in HGFS. It allows a malicious actor with administrative privileges to a virtual machine to leak memory from the vmx process, resulting in information disclosure. The affected versions are: ESXi versions earlier than ESXi80U3d-24585383, ESXi80U2d-24585300, and ESXi70U3s-24585291; VMware Workstation versions earlier than 17.6.3; VMware Fusion versions earlier than 13.6.3; VMware Cloud Foundation versions 5.x and 4.5.x; VMware Telco Cloud Platform versions 5.x, 4.x, 3.x, and 2.x; and VMware Telco Cloud Infrastructure versions 3.x and 2.x.

Remediation

Users are advised to update their VMware ESXi, Workstation, and Fusion to the latest versions to mitigate this vulnerability. For ESXi, users should update to version ESXi80U3d-24585383 or later. For VMware Workstation, users should update to version 17.6.3 or later. For VMware Fusion, users should update to version 13.6.3 or later. For VMware Cloud Foundation, users should update to version 5.x, 4.5.x or later. For VMware Telco Cloud Platform, users should update to version 5.x, 4.x, 3.x, 2.x or later. For VMware Telco Cloud Infrastructure, users should update to version 3.x, 2.x or later.

References

For more information about this vulnerability, you can refer to the following link: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

Industry Exposure (most to least)

This section shows the prevalence of this Common Vulnerabilities and Exposures (CVE) entry across industries, based on customer reports. Industries are ranked from most to least affected by this vulnerability, indicating where this CVE has been observed most frequently. Organizations in these sectors can use this ranking to prioritize security efforts, understand their relative risk exposure compared to their peers, and focus remediation where it is most needed. Understanding the industry-specific impact supports more informed decisions on patching, resource allocation, and overall risk management for this CVE.

  1. Manufacturing
  2. Health Care & Social Assistance
  3. Public Administration
  4. Transportation & Warehousing
  5. Educational Services
  6. Finance and Insurance
  7. Professional, Scientific, & Technical Services
  8. Retail Trade
  9. Other Services (except Public Administration)
  10. Management of Companies & Enterprises
  11. Utilities
  12. Arts, Entertainment & Recreation
  13. Information
  14. Agriculture, Forestry, Fishing & Hunting
  15. Real Estate, Rental & Leasing
  16. Accommodation & Food Services
  17. Construction
  18. Mining
  19. Wholesale Trade
  20. Administrative, Support, Waste Management & Remediation Services
