CVE-2025-22226
published 2025-03-04
medium 6 CVSS 3.1
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
KEV: CISA Known Exploited Vulnerability, due 2025-03-25
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | esxi | >= 7.0 < ESXi70U3s-24585291 | ESXi70U3s-24585291 |
| vmware | esxi | >= 8.0 < ESXi80U3d-24585383 | ESXi80U3d-24585383 |
| vmware | esxi | >= 8.0 < ESXi80U2d-24585300 | ESXi80U2d-24585300 |
| vmware | fusion | >= 13.0.0 < 13.6.3 | 13.6.3 |
| vmware | telco_cloud_infrastructure | — | — |
| vmware | telco_cloud_infrastructure | — | — |
| vmware | telco_cloud_infrastructure | — | — |
| vmware | telco_cloud_infrastructure | — | — |
| vmware | telco_cloud_platform | — | — |
| vmware | telco_cloud_platform | — | — |
| vmware | telco_cloud_platform | — | — |
| vmware | telco_cloud_platform | — | — |
| vmware | telco_cloud_platform | — | — |
| vmware | telco_cloud_platform | — | — |
| vmware | telco_cloud_platform | — | — |
| vmware | workstation | >= 17.0 < 17.6.3 | 17.6.3 |
CVSS provenance
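| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| vulncheck | — | 7.1 | HIGH | — |
| cisa | — | 6.0 | MEDIUM | — |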