🟢 CVE-2025-22226

CVE-2025-22226 is an information disclosure vulnerability in VMware virtualization products affecting HGFS (Host-Guest File System). Despite being in CISA KEV, this is a local vulnerability requiring administrative access to a virtual machine to leak memory from the vmx process, not directly exploitable over the internet.

Risk Level: LOW_RISK

CVSS Score: 7.1

Attack Vector: LOCAL

ATT&CK Tactic: Privilege Escalation

ATT&CK Technique: T1068 — Exploitation for Privilege Escalation

Deployment Risk: LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2025-03-04

Added to CISA KEV: 2025-03-04 (0 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-22226 is a high-severity information disclosure vulnerability affecting VMware ESXi, Workstation, and Fusion [1]. It was disclosed on March 4, 2025, alongside other critical vulnerabilities, as part of an emergency update release by Broadcom [2] [4].

Vulnerability Overview
  • Nature of Flaw: The vulnerability is an out-of-bounds read within the Host-Guest File System (HGFS), a component that facilitates file sharing between host and guest operating systems [1].
  • Impact: Successful exploitation allows an attacker to leak sensitive memory from the VMX process, potentially exposing credentials, encryption keys, or other sensitive data residing in the host's memory [1].
Exploitation and Threat Context
  • Requirements: Exploitation requires the attacker to already have administrative access within a guest virtual machine [1].
  • Active Exploitation: This vulnerability has been identified as being actively exploited in the wild [3] [4].
  • Threat Actor Usage: It has been reported that this vulnerability, in conjunction with others released at the same time, was utilized in campaigns aimed at deploying ransomware [2].
Mitigation and Status
  • Patch Status: Broadcom released emergency updates on March 4, 2025, to address this issue [2].
  • Recommendation: Organizations and users are advised to apply the vendor-provided security patches immediately [3]. If patching is not immediately possible, users should follow official vendor guidance or consider discontinuing the use of the affected products until they are secured [3].

Sources

  1. CVE‑2025‑22226: VMware HGFS Memory Leak... | Fidelis Security

    CVE ID: CVE-2025-22226. CVE Title: VMware ESXi, Workstation, and Fusion HGFS Out-of-Bounds Read Information Disclosure. Severity: High. CVE-2025-22226 is a high-severity information leak in VMware ESXi, Workstation, and Fusion’s HGFS (Host-Guest File System). Attackers with admin access inside a gues…

  2. CVE-2025-43026 | CyberSecurityBoard

    VMware Vulnerabilities Exploited Actively to Deploy Ransomware - On March 4, 2025, Broadcom released emerge…

  3. NVD - CVE-2025-22226

    CVE-2025-22226 Detail. Description. VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to a…

  4. VMware ESXi, Workstation, and Fusion contain an... · CVE-2025-22226 ...

    References: https://nvd.nist.gov/vuln/detail/CVE-2025-22226, https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0…