CVE-2025-22226 VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability

CVE-2025-22226 is an information disclosure vulnerability identified in VMware’s ESXi, Workstation, and Fusion products. This vulnerability stems from an out-of-bounds read in the Host Guest File System (HGFS), which could allow attackers with administrative privileges on a virtual machine (VM) to leak memory from the VMX process. NIST NVD

What is Vulnerable to CVE-2025-22226

The following VMware products and versions are affected by CVE-2025-22226:

VMware ESXi: Versions 7.0 and 8.0
VMware Workstation Pro and Player: Version 17.xcisa.gov+7cyber.gc.ca+7SecurityWeek+7
VMware Fusion: Version 13.xThe Register
VMware Cloud Foundation: Versions 4.5.x and 5.x
VMware Telco Cloud Platform: Versions 2.x, 3.x, 4.x, and 5.x
VMware Telco Cloud Infrastructure: Versions 2.x and 3.x

These products are susceptible due to the identified vulnerability in their HGFS component. support.broadcom.com

Mitigation and Remediation for CVE-2025-22226

To address this vulnerability, VMware has released patches for the affected products. Administrators are strongly advised to apply these updates promptly to mitigate potential risks:

VMware ESXi:
- Version 8.0: Update to ESXi80U3d-24585383 or ESXi80U2d-24585300
- Version 7.0: Update to ESXi70U3s-24585291
VMware Workstation: Update to version 17.6.3
VMware Fusion: Update to version 13.6.3
VMware Cloud Foundation:
- Version 5.x: Apply the asynchronous patch corresponding to ESXi80U3d-24585383
- Version 4.5.x: Apply the asynchronous patch corresponding to ESXi70U3s-24585291
VMware Telco Cloud Platform: Refer to KB389385 for specific patch information
VMware Telco Cloud Infrastructure: Refer to KB389385 for specific patch information

No workarounds are available; applying the provided patches is essential.

Impact of Successful Exploitation of CVE-2025-22226

An attacker with administrative privileges on a VM could exploit this vulnerability to leak memory from the VMX process. This could lead to the exposure of sensitive information, potentially compromising the integrity and confidentiality of the host system. Notably, VMware has acknowledged that exploitation of this vulnerability has occurred in the wild, underscoring the critical need for prompt patching. bleepingcomputer.com+3thehackernews.com+3support.broadcom.com+3

Proof of Concept for CVE-2025-22226

As of now, there is no publicly available proof-of-concept (PoC) exploit for CVE-2025-22226. However, given that this vulnerability has been exploited in real-world attacks, it is crucial for organizations to prioritize patching and monitor for any signs of compromise.

In conclusion, CVE-2025-22226 represents a significant security risk for organizations utilizing affected VMware products. Immediate action to apply the recommended patches is essential to safeguard systems against potential exploitation.

Learn more about WNE Security products and services that can help keep you cyber safe.

Learn about CVE-2025-22226 VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability and other vulnerabilities and best practices by subscribing to our newsletter.

Subscribe to WNE Security’s newsletter for the latest cybersecurity best practices, 0-days, and breaking news. Or learn more about “CVE-2025-22226 VMware ESXi, Workstation, and Fusion Information Disclosure”