Over 37,000 internet-exposed VMware ESXi situations are weak to CVE-2025-22224, a essential out-of-bounds write flaw that’s actively exploited within the wild.
This large publicity is being reported by risk monitoring platform The Shadowserver Basis, which reported a determine of round 41,500 yesterday.
Right now, ShadowServer now experiences that 37,000 are nonetheless weak, indicating that 4,500 gadgets have been patched yesterday.
CVE-2025-22224 is a critical-severity VCMI heap overflow vulnerability that permits native attackers with administrative privileges on the VM visitor to flee the sandbox and execute code on the host because the VMX course of.
Broadcom warned prospects about it together with two different flaws, CVE-2025-22225 and CVE-2025-22226, on Tuesday, March 4, 2025, informing that every one three have been being exploited in assaults as zero-days.
The failings have been found by Microsoft Menace Intelligence Middle, which noticed their exploitation as zero days for an undisclosed interval. Additionally, no details about the origin of the assaults and the targets has been shared but.
The U.S. Cybersecurity & Infrastructure Safety Company (CISA) has given federal companies and state organizations till March 25, 2025, to use the obtainable updates and mitigations or cease utilizing the product.
The Shadowserver Basis experiences that a lot of the weak situations are in China (4,400), adopted by France (4,100), the US (3,800), Germany (2,800), Iran (2,800), and Brazil (2,200).
Nonetheless, because of the widespread use of VMware ESXi, a well-liked hypervisor used for virtualization in enterprise IT environments for digital machine administration, the affect is international.
For extra info on the ESXi variations that repair CVE-2025-22224, customers are really helpful to examine Broadcom’s bulletin. At the moment, there are not any workarounds for this drawback.
The seller has additionally printed a FAQ web page for customers to share extra motion suggestions and affect particulars.
