A set of critical vulnerabilities in VMware ESXi, including CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, allows attackers to escape virtual machines and compromise host systems.
The vulnerabilities have been observed being exploited in the wild, affecting ESXi 7.x and 8.x environments as well as related VMware products such as vSphere, Workstation, Fusion, and Cloud Foundation.
CVE-2025-22224 involves a race condition in VMCI leading to heap memory corruption, while CVE-2025-22225 and CVE-2025-22226 relate to memory access issues in ESXi modules and the host-guest file system interface.
When chained together, these vulnerabilities enable full VM escape, allowing attackers to control the host, leak sensitive data, and disrupt business operations.
VMware advises immediate patching of ESXi 7.x and 8.x to prevent exploitation, and likewise of legacy versions such as 6.5 and 6.7, which lack automatic updates.
Mitigation involves applying official patches provided by VMware, as there are no reliable workarounds available to address the vulnerabilities.
Temporary measures include securing network access, hardening guest VMs, and enabling monitoring and auditing to detect signs of exploitation.
Patches for ESXi versions 6.5, 6.7, 7.0, and 8.0 are available, along with updates for desktop virtualization products like VMware Workstation Pro and Fusion.
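Because the only real fix is the vendor patch, the first practical task for a defender is to find every host that is still below the fixed build for its release branch. The script below is an added triage example, not code from the original page or from VMware: the fixed build numbers in PLACEHOLDER_FIXED_BUILDS and the host inventory are constructed placeholders, and the real fixed builds for ESXi 6.5, 6.7, 7.0 and 8.0 must be taken from VMware's advisory before it is used.

```python
"""Flag ESXi hosts that are still below the fixed build for their release branch.

Added triage example. The PLACEHOLDER_FIXED_BUILDS values and the inventory
lines are constructed placeholders, not real VMware build numbers; replace the
table with the fixed builds listed in VMware's advisory before relying on it.
"""
from typing import Dict, List, Tuple

# Placeholder fixed builds per release branch (constructed, NOT from the advisory).
# Keyed by "major.minor" as reported by the host; value is the first fixed build.
PLACEHOLDER_FIXED_BUILDS: Dict[str, int] = {
    "8.0": 24000000,
    "7.0": 23000000,
    "6.7": 22000000,
    "6.5": 21000000,
}

# Branches the page describes as legacy without automatic updates: their
# patches must be applied by hand, so they are called out separately in output.
LEGACY_BRANCHES = {"6.5", "6.7"}

# Constructed inventory in "hostname,version,build" form, as one might export
# from a vCenter report or collect per host from `esxcli system version get`.
SAMPLE_INVENTORY = """\
esx-prod-01,8.0.3,24100000
esx-prod-02,8.0.2,23900000
esx-lab-01,7.0.3,22950000
esx-legacy-01,6.7.0,22100000
esx-unknown-01,9.0.0,1
"""


def parse_inventory(text: str) -> List[Tuple[str, str, int]]:
    """Parse 'hostname,version,build' lines; skip blank and malformed rows."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        rows.append((parts[0], parts[1], int(parts[2])))
    return rows


def branch_of(version: str) -> str:
    """Reduce a full version such as '8.0.3' to its release branch '8.0'."""
    return ".".join(version.split(".")[:2])


def triage(rows: List[Tuple[str, str, int]],
           fixed_builds: Dict[str, int]) -> List[Dict[str, object]]:
    """Classify each host as 'patched', 'patch-required' or 'unknown-branch'."""
    results = []
    for host, version, build in rows:
        branch = branch_of(version)
        fixed = fixed_builds.get(branch)
        if fixed is None:
            # Branch not in the table: compare against the advisory by hand.
            status = "unknown-branch"
        elif build < fixed:
            status = "patch-required"
        else:
            status = "patched"
        results.append({
            "host": host,
            "branch": branch,
            "build": build,
            "status": status,
            "legacy": branch in LEGACY_BRANCHES,
        })
    return results


def hosts_needing_patch(rows: List[Tuple[str, str, int]],
                        fixed_builds: Dict[str, int]) -> List[str]:
    """Hostnames that still need the patch, sorted for stable reporting."""
    return sorted(r["host"] for r in triage(rows, fixed_builds)
                  if r["status"] == "patch-required")


if __name__ == "__main__":
    for r in triage(parse_inventory(SAMPLE_INVENTORY), PLACEHOLDER_FIXED_BUILDS):
        note = " (legacy branch: apply patch manually)" if r["legacy"] else ""
        print(f"{r['host']:<16} {r['branch']:<4} build {r['build']:<9} {r['status']}{note}")
```

Hosts reported as `unknown-branch` are deliberately not marked safe: a build number only means something relative to its own branch, so anything outside the table should be checked against the advisory rather than assumed patched.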
The vulnerabilities were publicly disclosed on March 4, 2025, prompting an emergency advisory from Chaitin Security Lab the following day.
VM escape vulnerabilities pose a severe risk and require immediate action to protect virtual infrastructures from potential exploits.