Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
Published on: 2025-11-03 06:39:37
Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild.
The exposure was reported by the threat monitoring platform The Shadowserver Foundation, which gave a figure of around 41,500 yesterday.
Today, Shadowserver reports that 37,000 are still vulnerable, indicating that 4,500 devices were patched yesterday.
CVE-2025-22224 is a critical-severity VMCI heap overflow vulnerability that enables local attackers with administrative privileges on the VM guest to escape the sandbox and execute code on the host as the VMX process.
Broadcom warned customers about it, along with two other flaws, CVE-2025-22225 and CVE-2025-22226, on Tuesday, March 4, 2025, stating that all three were being exploited in attacks as zero-days.
The flaws were discovered by Microsoft Threat Intelligence Center, which observed their exploitation as zero-days for an undisclosed period. Also, no