CVE-2025-22225
VMware ESXi Arbitrary Write Vulnerability
CVSS
—
No CVSS
EPSS
1.0%
p58
KEV
YES
Mar 4, 2025
Exploit Today
67
0-100
Published: — · Last modified: —
Product
VMware / ESXi
Vulnerability
VMware ESXi Arbitrary Write Vulnerability
Added to KEV
Mar 4, 2025
Remediate by
Mar 25, 2025
Known ransomware use
Yes
Summary description
VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22225