Skip to content
VULNERABILITY
VMware ESXi Vulnerabilities
There are three critical vulnerabilities for VMware:
1. VMware ESXi Arbitrary Write Vulnerability – CVE-2025-22225
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
2. VMware ESXi and Workstation TOCTOU Race Condition Vulnerability- CVE-2025-22224
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.
3. VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability- CVE-2025-22226
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the VMX process.
Please review the scope of work below prior to authorizing NCI to remediate.
Scope of work:
Download and install the recommended VMware patch level from Broadcom. A restart will be required in order to complete the remediation. Downtime could be incurred depending on your VMware environment. (Estimated 1 hour of downtime).
If you would like to schedule the remediation work outside of your business hours, please have the point of contact in your support ticket communicate with our scheduling team so we can accommodate.
By completing the following form, you agree to the scope of work and remediation estimate.
