Broadcom has issued fixes for a trio of vulnerabilities that have already been leveraged in ongoing attacks and that impact several versions of VMware's ESXi, vSphere, Cloud Foundation, and Telco Cloud Platform offerings, SC Media reports.
Because exploitation of the bugs could enable compromise of the VMware hypervisor through running virtual machines, Broadcom has urged organizations to apply the released patches immediately.
The most severe of the addressed flaws is a critical heap overflow issue, tracked as CVE-2025-22224, which attackers could leverage to execute code as the host's VMX process, while the other two are high-severity vulnerabilities, tracked as CVE-2025-22225 and CVE-2025-22226, according to Jason Soroko, senior fellow at Sectigo. Attacks abusing the VMware flaws could have been deployed by state-sponsored and advanced persistent threat groups, noted Soroko.
"Their end goals include establishing deep, persistent access to virtualized infrastructures, bypassing security boundaries, moving laterally, exfiltrating sensitive data, deploying additional malware, and disrupting services," Soroko added.