⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.. Due date: 2025-03-25.

CVE-2025-22225

CWE-787 — Out-of-bounds Write CWE-1238 documents7 sources

Severity

8.2HIGH

EPSS

10.0%

top 6.95%

CISA KEV

KEVRansomware

Added 2025-03-04

Due 2025-03-25

Exploit

No known exploits

Affected products

Vmware Esxi Vmware Telco Cloud Infrastructure Vmware Telco Cloud Platform

Timeline

PublishedMar 4

KEV addedMar 4

KEV dueMar 25

Latest updateFeb 4

CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages7 packages

▶CVEListV5vmware_esxi8.0 — ESXi80U3d-24585383+2

▶NVDvmware/esxi7.0, 8.0+1

▶CVEListV5vmware_cloud_foundation5.x, 4.5.x

▶CVEListV5vmware_telco_cloud_platform5.x, 4.x, 3.x, 2.x

▶NVDvmware/telco_cloud_platform7 versions+6

🔴Vulnerability Details

CVEList

CVE-2025-22225: VMware ESXi contains an arbitrary write vulnerability↗2025-03-04

▶

GHSA

GHSA-2cxw-wgvv-24jj: VMware ESXi contains an arbitrary write vulnerability↗2025-03-04

▶

VulnCheck

VMware ESXi Arbitrary Write Vulnerability↗2025

▶

📋Vendor Advisories

CISA

VMware ESXi Arbitrary Write Vulnerability↗2025-03-04

▶

🕵️Threat Intelligence

Bleepingcomputer

CISA: VMware ESXi flaw now exploited in ransomware attacks↗2026-02-04

▶