CVE-2025-22224 is a critical TOCTOU vulnerability in VMware virtualization products that allows VM escape from guest to host. Despite being in CISA KEV, this requires local administrative privileges within a VM and primarily affects infrastructure software not typically exposed to the internet.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: OTHER
CVE Published: 2025-03-04
Added to CISA KEV: 2025-03-04 0 DAY BETWEEN CVE AND KEV
CVE-2025-22224 is a critical security vulnerability affecting VMware ESXi, Workstation, and Fusion, which was disclosed by Broadcom on March 4, 2025, via VMSA-2025-0004 [1].
VMSA-2025-0004: VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) ... VMCI heap-overflow vulnerability (CVE-2025-22224). Description: VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability t…
Description. VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor ... CVE-2025-22224 Detail Description VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an…
VMware Vulnerabilities Exploited Actively to Deploy Ransomware - On March 4, 2025, Broadcom released emergency updates to address three critical vulnerabilities – CVE-2025-22224 ... 41,500+ VMware ESXi Instances Vulnerable to Code Execution Attacks - We are scanning & reporting out VMware ESXi CVE-2…
Summary. CVE-2025-22224 is a critical TOCTOU (Time-of-Check Time-of-Use) vulnerability in VMware ESXi and Workstation. It lets an attacker with admin access inside a virtual machine run code on the host by exploiting a race condition. This allows full VM escape and could lead to control of the host…
These vulnerabilities, collectively referred to as "ESXicape," have been actively exploited in the wild. CVE-2025-22224: A Time-of-Check Time-of ...
7 months ago Cybersecuritynews.com CVE-2024-53651 CVE-2025-25067 CVE-2025-24865 CVE-2025-22896 CVE-2025-23411 CVE-2023-37482 CVE-2024-54015 CVE-2022-38465 CVE-2025-24811 CVE-2025-20615 CVE ... VMware Vulnerabilities Exploited Actively to Deploy Ransomware - On March 4, 2025, Broadcom released emerge…