CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Mar 25, 2025
High
CISA KEVRansomwareCVE-2025-22225
VMware—ESXi
VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox.
Required Action
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22225
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Known
- Published
- Mar 4, 2025
- KEV Added
- Mar 4, 2025
- Due Date
- Mar 25, 2025
- Related Articles
- 0
Vendor
VMware
ESXi