ESXi%2C%20Workstation%2C%20and%20Fusion

ESXi, Workstation, and Fusion

Source -

CISA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

1Vulnerabilities found

CVE-2025-22226

Assigner-VMware by Broadcom

View Details

Assigner-VMware by Broadcom

CVSS Score-7.1||HIGH

EPSS-2.75% / 85.44%

7 Day CHG~0.00%

Published-04 Mar, 2025 | 11:56

Updated-30 Jul, 2025 | 01:36

Known KEV||Action Due Date - 2025-03-25||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Vendor-n/a VMware (Broadcom Inc.)

Product-ESXi VMware Cloud Foundation VMware Fusion VMware Telco Cloud Infrastructure VMware Workstation VMware Telco Cloud Platform ESXi, Workstation, and Fusion

CWE ID-CWE-125

Out-of-bounds Read