CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2025-22224

CVSS 9.3v3.1pub. 2025-03-04upd. 2025-10-30

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • VMware Cloud Foundation

    APP
    Vmware
    wszystkie wersje
  • VMware ESXi

    OS
    Vmware
    7.08.0
  • VMware Telco Cloud Infrastructure

    APP
    Vmware
    2.22.52.73.0
  • VMware Telco Cloud Platform

    APP
    Vmware
    2.02.52.73.04.04.0.15.0
  • VMware Workstation

    APP
    Vmware
    17.0 – 17.6.3 (bez)

CISA KEV — detailsi

Vendori
VMware
Producti
ESXi and Workstation
Added to KEVi
March 4, 2025
Remediation deadline (US Federal)i
March 25, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

VMware ESXi and Workstation contain a time-of-check time-of-use (TOCTOU) race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 25 marca 2025
Tags
MemoryRace Condition
CWE
References

Related vulnerabilities

CVE-2024-38812CRITICAL9.8⚠ KEVPL ✓ten sam produkt

VMware vCenter Server — heap-overflow w DCERPC umożliwia RCE

CVE-2024-37079CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Heap overflow w VMware vCenter Server via protokół DCERPC — RCE

CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...

CVE-2021-22005CRITICAL9.8⚠ KEVten sam produkt

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor...

CVE-2021-21985CRITICAL9.8⚠ KEVten sam produkt

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in t...