Broadcom fixes three VMware zero-days exploited in attacks

Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. The vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) impact VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform. Attackers with privileged administrator or root access can chain these flaws to escape the virtual machine's sandbox. "This is a situation where an attacker who has already compromised a virtual machine's guest OS and gained privileged access (administrator or root) could move into the hypervisor itself," the company explained today. "Broadcom has information to suggest that exploitation of these issues has occurred 'in the wild'." Broadcom says CVE-2025-22224 is a critical-severity VCMI heap overflow vulnerability that enables local attackers with administrative privileges on the targeted VM to execute code as the VMX process running on t ... Read full article.