Cloud computing and virtualization provider VMware has confirmed that three critical security vulnerabilities, CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, are being actively exploited, prompting urgent warnings from both the company and federal cybersecurity officials.
These flaws affect VMware’s ESXi, Workstation, and Fusion products, with CVE-2025-22224 carrying a severity rating of 9.3 out of 10. According to VMware, exploitation of these vulnerabilities could allow attackers with administrative privileges on a guest virtual machine (VM) to break out of the VM and execute code on the host system. This could lead to full control over other VMs running on the same server, putting entire enterprise environments at risk.
The vulnerabilities were first reported by the Microsoft Threat Intelligence Center, and cybersecurity experts warn that both financially motivated cybercriminals and state-sponsored hacking groups have a history of targeting VMware environments for long-term persistence and data theft.
CISA has added the vulnerabilities to its Known Exploited Vulnerabilities catalog, giving federal agencies until March 25 to implement patches.
VMware has stated that there are no meaningful workarounds outside of applying vendor-supplied updates, making patching the only viable option for organizations to protect their virtualized infrastructure from attack.
Why It Matters: These vulnerabilities pose a significant risk to businesses by enabling attackers to escape VM isolation and take control of the hypervisor, potentially compromising an entire virtualized environment. Organizations that rely on VMware for cloud operations, data storage, or enterprise applications face a heightened risk of data breaches, service disruptions, and long-term security compromises.
- Critical Exploit Details: CVE-2025-22224 is a Time-of-Check Time-of-Use flaw that enables an attacker with administrative privileges on a VM to execute code as the VMX process on the host, effectively bypassing security controls and taking over the underlying hypervisor.
- Products at Risk: The vulnerabilities impact VMware ESXi (versions 7.0 and 8.0), Workstation 17.x, Fusion 13.x, Cloud Foundation, and Telco Cloud Platform. Patches have been issued, but VMware warns that exploitation is ongoing.
- Active Exploitation Confirmed: VMware and Broadcom have stated that the vulnerabilities are already being exploited in real-world attacks. CISA has classified them as a critical security threat, requiring federal agencies to patch by March 25, 2025.
- Enterprise Impact: If systems are left unpatched, attackers could use this vulnerability to move laterally within virtualized environments, steal sensitive corporate data, and establish persistent access for further exploitation. This makes it a high-priority concern for IT administrators and cybersecurity teams.
- No Workarounds Available: VMware has confirmed that the only effective mitigation is to apply the provided security updates, as there are no alternative fixes that do not require system restarts.
Go Deeper:
- CISA, VMware Warn of New Vulnerabilities Being Exploited by Hackers – The Record
- Broadcom Fixes Three VMware Zero-Days Exploited in Attacks – Bleeping Computer
- VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches – The Hacker News