U.S. technology giant Broadcom is warning that a trio of VMware vulnerabilities are being actively exploited by malicious hackers to compromise the networks of its corporate customers.
The three vulnerabilities, collectively dubbed "ESXicape" by one security researcher, affect VMware ESXi, Workstation, and Fusion, which are widely used software hypervisor products that allow multiple virtual machines to be managed on a single server. Hypervisors are commonly used to reduce the amount of physical server space an organization needs.
Broadcom, which acquired VMware in 2023, said that the vulnerabilities (tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) could allow an attacker with administrator or root privileges on a virtual machine to escape its protected sandbox and gain broader unauthorized access to the underlying hypervisor product.
With access to the hypervisor, an attacker can gain access to any other virtual machine, including virtual systems owned by other companies within the same physical data center.
Broadcom says it has "information to suggest" that the vulnerabilities have been exploited in the wild.
"The impact here is big, an attacker who has compromised a hypervisor can go on to compromise any of the other virtual machines that share the same hypervisor," Stephen Fewer, principal security researcher at threat intelligence company Rapid7, told information.killnetswitch.
Broadcom did not share any details about the nature of the attacks or the threat actors behind them and did not say whether any customer data had been accessed. A spokesperson for Broadcom did not respond to information.killnetswitch's questions. Microsoft, which discovered and reported the vulnerabilities to Broadcom, also did not respond by press time.
Security researcher Kevin Beaumont said in a post on Mastodon that the three vulnerabilities are actively being exploited by an as-yet-unnamed ransomware group.
VMware vulnerabilities are frequently targeted by ransomware groups because they can be exploited to compromise multiple servers in a single attack, and because sensitive corporate data is often stored in these virtualized environments.
Microsoft found in 2024 that several ransomware groups were exploiting a VMware hypervisor flaw in attacks deploying Black Basta and LockBit ransomware in data-stealing campaigns targeting corporate data. The previous year, a large-scale hacking campaign, dubbed "ESXiArgs," saw ransomware groups exploit a two-year-old VMware vulnerability to target thousands of organizations worldwide.
Broadcom has released patches for the three vulnerabilities, which are classed as "zero-day" bugs because they were exploited before a fix was made available. Broadcom described its security advisory as an "emergency" change and is urging customers to apply the patches as soon as possible.
U.S. government cybersecurity agency CISA is also warning federal agencies to patch against the bugs, which it has added to its running catalog of vulnerabilities known to be under attack.