CVE-2025-22224

VMware ESXi, and Workstation contain a TOCTOU Time-of-Check Time-of-Use vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

CVE-2025-22224

VMware ESXi, and Workstation contain a TOCTOU Time-of-Check Time-of-Use vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

CVE-2025-22224

CVE-2025-22224 refers to a TOCTOU race condition in VMware ESXi/Workstation that can cause an out-of-bounds write. IBM’s security bulletin ties this to Broadcom VMware ESXi vulnerabilities and details that a local admin within a VM can exploit the vulnerability to run code in the host’s VMX proce...

PT-2025-9653

Name of the Vulnerable Software and Affected Versions VMware ESXi VMware Workstation VMware Fusion VMware Cloud Foundation VMware Telco Cloud Platform VMware Telco Cloud Infrastructure versions prior to 8.0 Description The software contains an information disclosure issue due to an out-of-bounds...

CVE-2025-22226

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process. Recent assessments: remmons-r7 at...

CVE-2025-22224

VMware ESXi, and Workstation contain a TOCTOU Time-of-Check Time-of-Use vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host...

CVE-2025-22225

VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox. Recent assessments: remmons-r7 at January 13, 2026 1:24am UTC reported: CVE-2025-22225 is an arbitrary write...

PT-2025-9651

Name of the Vulnerable Software and Affected Versions VMware ESXi and Workstation versions prior to patch availability VMware Fusion versions prior to patch availability Description VMware ESXi, Workstation, and Fusion contain a Time-of-Check Time-of-Use TOCTOU vulnerability that results in an...

VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process...

VMware ESXi and Workstation TOCTOU Race Condition Vulnerability

VMware ESXi and Workstation contain a time-of-check time-of-use TOCTOU race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process...

VMware Workstation 17.x < 17.6.3 Multiple Vulnerabilities (VMSA-2024-0004)

The version of VMware Workstation installed on the remote host is 17.x prior to 17.6.3. It is, therefore, affected by multiple vulnerabilities: - VMware ESXi, and Workstation contain a TOCTOU Time-of-Check Time-of-Use vulnerability that leads to an out-of-bounds write. A malicious actor with loca...

VulnCheck KEV: CVE-2025-22226

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process...

PT-2025-9652

Name of the Vulnerable Software and Affected Versions VMware ESXi affected versions not specified Description VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write, leading to an escape of the sandbox...

VulnCheck KEV: CVE-2025-22225

VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox...

VulnCheck KEV: CVE-2025-22224

VMware ESXi and Workstation contain a time-of-check time-of-use TOCTOU race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process...

VMware多款产品 缓冲区错误漏洞

VMware ESXi is a server virtualization platform that can be installed directly on physical servers, VMware Workstation is a set of virtual machine software, and VMware Fusion is a set of virtual machine software designed to run Windows applications on Macs. VMware Fusion is a suite of virtual...

VMware ESXi 安全漏洞

VMware ESXi is a suite of server virtualization platforms from VMware that can be installed directly on physical servers. A security vulnerability exists in VMware ESXi that originates from an arbitrary write and could lead to a sandbox escape...

VMware ESXi和VMware Workstation 安全漏洞

VMware ESXi and VMware Workstation are both products of VMware, Inc. VMware ESXi is a server virtualization platform that can be installed directly on physical servers.VMware Workstation is a set of virtual machine software. VMware Workstation is a suite of virtual machine software that provides...

VMSA-2025-0004: VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)

Advisory ID: | VMSA-2025-0004 ---|--- Severity: | Critical CVSSv3 Range: | 7.1-9.3 Synopsis: | VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 Issue date: | 2025-03-04 Updated on: | 2025-03-04 Initial Advisory CVEs |...

VMware Fusion 13.x < 13.6.3 HGFS Information Disclosure (VMSA-2025-0004)

The version of VMware Fusion installed on the remote macOS host is 13.x prior to 13.6.3. It is, therefore, affected by an information disclosure vulnerability: - VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious...