VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches

2025-03-04 14:13
Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure. The list of vulnerabilities is as follows - CVE-2025-22224 (CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with
News URL
https://thehackernews.com/2025/03/vmware-security-flaws-exploited-in.html
Related news
- Broadcom fixes three VMware zero-days exploited in attacks
- Broadcom warns of authentication bypass in VMware Windows Tools
- New Security Flaws Found in VMware Tools and CrushFTP — High Risk, PoC Released
- VMware Workstation auto-updates broken after Broadcom URL redirect
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-04 | CVE-2025-22224 | Unspecified vulnerability in VMware products. VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | 8.2 |