
Broadcom: VMware Zero-Days Being Exploited in the Wild

Broadcom is urging organizations, MSSPs, and others running VMware ESXi, Workstation, and Fusion to apply patches immediately to protect against zero-day vulnerabilities that the IT giant said are being exploited in the wild.

The security flaws – tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 – can allow bad actors who already have privileged access inside a compromised virtual machine (VM) to break out of it and take control of the underlying host system. That gives them a launching pad into other parts of the environment.

The most critical vulnerability, CVE-2025-22224, lets attackers who already have administrative access inside a VM execute code on the host, which could give them control over all the other VMs running on the same server, according to Patrick Tiquet, vice president of security and architecture at Keeper Security.

“The danger here is that once attackers gain access at this level, they can spread across the entire system, steal data, and install backdoors to maintain access,” Tiquet said. 

Critical Flaws

Broadcom issued an alert about the vulnerabilities this week and a notice on GitHub. The company gave one flaw, CVE-2025-22224, a criticality score of 9.3 out of 10, and said it affects VMware ESXi and Workstation. An attacker with local administrative privileges on a VM can exploit it to run code on the host system.

Another vulnerability, CVE-2025-22225 (with a score of 8.2), is described as an arbitrary write flaw on ESXi that can also enable an attacker to escape the operating system sandbox by executing malicious code and take control of the host. The third vulnerability, CVE-2025-22226 (7.1), affects ESXi, Workstation, and Fusion and allows an attacker to leak information.

There are no workarounds for any of the vulnerabilities. CISA also has put them on its list of exploited vulnerabilities, adding that federal agencies have until March 25 to apply the patches.

In its GitHub notice, Broadcom wrote that “you are affected if you are running any version of VMware ESX, VMware vSphere, VMware Cloud Foundation, or VMware Telco Cloud Platform prior to the versions listed as ‘fixed’ in the VMSA [VMware Security Advisory].”
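Since the advisory's rule is simply "any version prior to the fixed one is affected" and there are no workarounds, the practical task for an MSSP is to triage an inventory of ESXi, Workstation, and Fusion hosts against the fixed versions. The following Python script is an added example, not code from the article or from Broadcom: it reads a constructed CSV inventory, compares each host's version and build number against a table of fixed versions, and flags hosts that still need patching. The values in `FIXED_VERSIONS` and the sample inventory are placeholders; the real fixed versions must be taken from the VMSA.

```python
"""Triage a host inventory against fixed versions from a VMware advisory.

Added example (not from the article or Broadcom). FIXED_VERSIONS holds
PLACEHOLDER values only; replace them with the 'fixed' versions listed in
the VMSA before running this against a real inventory.
"""
import csv
import io
from dataclasses import dataclass
from typing import Optional, Tuple

# PLACEHOLDER fixed versions, one per product named in the advisory.
# These are NOT the real patched releases; take them from the VMSA.
FIXED_VERSIONS = {
    "ESXi": "8.0.3-99999999",
    "Workstation": "17.9.9",
    "Fusion": "13.9.9",
}


@dataclass
class HostStatus:
    name: str
    product: str
    version: str
    status: str  # "affected", "patched", "not-covered" or "review"


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '8.0.3-12345' into (8, 0, 3, 12345); None if not numeric."""
    chunks = text.replace("-", ".").split(".")
    if not chunks or not all(c.isdigit() for c in chunks):
        return None
    return tuple(int(c) for c in chunks)


def older_than(have: Tuple[int, ...], want: Tuple[int, ...]) -> bool:
    """Compare version tuples of unequal length by zero-padding the shorter."""
    width = max(len(have), len(want))
    have = have + (0,) * (width - len(have))
    want = want + (0,) * (width - len(want))
    return have < want


def classify(name: str, product: str, version: str) -> HostStatus:
    """Apply the advisory rule: anything prior to the fixed version is affected."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        # Product not in this advisory's table; out of scope for this check.
        return HostStatus(name, product, version, "not-covered")
    have, want = parse_version(version), parse_version(fixed)
    if have is None or want is None:
        # Unparsable version string: do not silently treat it as patched.
        return HostStatus(name, product, version, "review")
    status = "affected" if older_than(have, want) else "patched"
    return HostStatus(name, product, version, status)


def triage_csv(text: str) -> list:
    """Classify every row of a CSV inventory with name,product,version columns."""
    reader = csv.DictReader(io.StringIO(text))
    return [classify(r["name"], r["product"], r["version"]) for r in reader]


def affected_hosts(text: str) -> list:
    """Names of hosts that still need the patch, in inventory order."""
    return [h.name for h in triage_csv(text) if h.status == "affected"]


# Constructed sample inventory; names, versions and builds are made up.
SAMPLE_INVENTORY = """\
name,product,version
esx01,ESXi,8.0.3-1000
esx02,ESXi,8.0.3-99999999
ws-dev,Workstation,17.5.2
fusion-mac,Fusion,13.9.9
vc01,vCenter,8.0.3
lab-esx,ESXi,unknown
"""

if __name__ == "__main__":
    for h in triage_csv(SAMPLE_INVENTORY):
        print(f"{h.name:12} {h.product:12} {h.version:16} {h.status}")
```

The `review` status exists so that a host whose version cannot be parsed is surfaced for manual checking rather than quietly counted as patched; a version field the inventory tool could not read is exactly the host most likely to have been missed.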

Escaping the Sandbox

Broadcom, which bought VMware in 2023 for $69 billion, didn’t detail how the security flaws were being exploited by threat actors. Broadcom noted that Microsoft’s Threat Intelligence Center reported the active exploitation of the vulnerabilities.

“Although the three vulnerabilities share the goal of escaping the virtual machine sandbox to compromise the hypervisor, they differ technically,” said Jason Sokoro, senior fellow at Sectigo. “Their varied profiles give attackers multiple options. One flaw can be exploited independently, or they can be chained to build a more robust attack path, increasing the chance of a successful breach.”

Sokoro said that the attackers likely are sophisticated state-sponsored or advanced persistent threat (APT) groups with the resources needed to get past initial defenses. He added that “their end goals include establishing deep, persistent access to virtualized infrastructures, bypassing security boundaries, moving laterally, exfiltrating sensitive data, deploying additional malware, and disrupting services.”

Keeper Security’s Tiquet said that, given that the vulnerabilities are being exploited by bad actors, organizations need to apply the patches immediately and take other steps, including enforcing strict access controls and implementing strong authentication for administrators.

“We’ve seen both cybercriminals and state-sponsored groups exploit VMware vulnerabilities in the past to establish long-term persistence,” he said.

Ransomware Groups and ESXi

Ransomware groups have targeted ESXi in particular in the past. Forescout researchers last year wrote that the trend of such groups exploiting the hypervisor started to ramp up in 2021 after the source code for the Babuk ransomware was leaked and that it accelerated in 2023 and 2024, with such ransomware gangs as Akira and Cactus targeting ESXi.

SentinelOne in 2023 identified 10 ransomware families – including BlackCat/ALPHV, Conti, Black Basta, and LockBit – using ESXi lockers based on the 2021 Babuk source code, and Microsoft last year wrote about attackers exploiting another vulnerability in the hypervisor.

“ESXi hypervisors host virtual machines that may include critical servers in a network,” Microsoft wrote. “In a ransomware attack, having full administrative permission on an ESXi hypervisor can mean that the threat actor can encrypt the file system, which may affect the ability of the hosted servers to run and function.”

Microsoft also noted that “it also allows the threat actor to access hosted VMs and possibly to exfiltrate data or move laterally within the network.”
