The Register: VMware patches guest-to-hypervisor escape flaws already under attack

Source URL: https://www.theregister.com/2025/03/04/vmware_plugs_three_hypervisorhijack_holes/
Source: The Register
Title: VMware patches guest-to-hypervisor escape flaws already under attack

Feedly Summary: The heap overflow in the memory unsafe code by Miss Creant
Broadcom today pushed out patches for three VMware hypervisor-hijacking bugs, including one rated critical, that have already been found and exploited by criminals.…

AI Summary and Description: Yes

Summary: Broadcom has released patches for three VMware hypervisor vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226), one of them rated critical, that are already being exploited in the wild. The flaws affect VMware ESXi and related products. An attacker who holds administrative privileges inside a guest virtual machine can chain them to escape the VM, compromise the hypervisor and take full control of the host.

Detailed Description: The vulnerabilities identified in VMware products are serious and have already been exploited by cybercriminals, emphasizing the importance of immediate action from organizations relying on these technologies. Here is a breakdown of the major points:

* **Vulnerabilities Identified**:
– **CVE-2025-22224** (Critical, CVSS 9.3): A heap overflow leading to an out-of-bounds write. An attacker with local administrative privileges on a guest VM can use it to execute code as the VMX process (the virtual machine executable) on the host.
– **CVE-2025-22225** (CVSS 8.2): An arbitrary write. An attacker who already runs code inside the VMX process, for example by way of CVE-2025-22224, can trigger an arbitrary write into the hypervisor kernel, completing the VM escape.
– **CVE-2025-22226** (CVSS 7.1): An information disclosure flaw that leaks memory contents of the VMX process to the guest.

* **Exploitation Risks**:
– All three vulnerabilities start from the same position: an attacker who already has administrative control inside a guest VM. CVE-2025-22225 additionally requires code execution in the VMX process, which CVE-2025-22224 provides, so the critical bug is the entry point of the chain. Environments that run customer-owned or otherwise untrusted VMs on shared hosts (hosting providers, multi-tenant clouds, shared labs) are at the highest risk, because guest admin rights are the only precondition.

* **Recommendations**:
– Update the affected VMware products to the fixed versions and complete the required restarts promptly; a host that has the patch staged but has not been rebooted is still exploitable.
– Tighten control over who holds administrative privileges inside guest VMs and watch for compromised guests: since guest admin is the starting point for all three flaws, reducing and monitoring that access lowers exposure until every host is patched.
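
The first recommendation above is a fleet-wide version check. The script below is an added example, not code from The Register or Broadcom: it parses the text that `esxcli system version get` prints on an ESXi host, extracts the numeric build, and reports each host as patched or not against a table of minimum fixed builds. The sample esxcli output is constructed, and the `FIXED_BUILDS` values are placeholders (an assumption); the real fixed build numbers are not in the article and must be taken from Broadcom's advisory. Hosts on a release line that is not in the table are deliberately reported as unpatched rather than silently passing.

```python
import re
from dataclasses import dataclass

# Constructed sample of `esxcli system version get` output. The layout follows
# the real command; the build number is made up for this example.
SAMPLE_ESXCLI_OUTPUT = """\
   Product: VMware ESXi
   Version: 8.0.3
   Build: Releasebuild-24022510
   Update: 3
   Patch: 0
"""

# Placeholder minimum fixed builds per ESXi release line. ASSUMPTION: replace
# these with the build numbers listed in Broadcom's advisory for the three CVEs.
FIXED_BUILDS = {
    "8.0.3": 99_000_000,
    "8.0.2": 98_000_000,
    "7.0.3": 97_000_000,
}


@dataclass(frozen=True)
class EsxiVersion:
    product: str
    version: str   # release line, e.g. "8.0.3" (ESXi 8.0 Update 3)
    build: int     # numeric build, e.g. 24022510


def parse_esxcli_version(text: str) -> EsxiVersion:
    """Parse the key/value lines printed by `esxcli system version get`."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    # The build field reads "Releasebuild-<number>"; keep only the number.
    m = re.search(r"(\d+)\s*$", fields.get("build", ""))
    if not m:
        raise ValueError("no build number in esxcli output")
    return EsxiVersion(fields["product"], fields["version"], int(m.group(1)))


def is_patched(host: EsxiVersion, fixed_builds: dict = FIXED_BUILDS) -> bool:
    """True only if the host's release line is known and its build is at or
    above the fixed build. Unknown release lines fail closed: a host we cannot
    classify is treated as unpatched, never as safe."""
    minimum = fixed_builds.get(host.version)
    return minimum is not None and host.build >= minimum


def triage(outputs: dict) -> dict:
    """Map hostname -> 'patched' | 'UNPATCHED' for a batch of esxcli outputs."""
    return {
        name: ("patched" if is_patched(parse_esxcli_version(out)) else "UNPATCHED")
        for name, out in outputs.items()
    }


if __name__ == "__main__":
    # Constructed fleet: one host on the sample build, one on a fake newer build.
    fleet = {
        "esx01": SAMPLE_ESXCLI_OUTPUT,
        "esx02": SAMPLE_ESXCLI_OUTPUT.replace("24022510", "99000001"),
    }
    for host, status in triage(fleet).items():
        print(f"{host}: {status}")
```

In practice the `outputs` dict is filled from `ssh root@<host> esxcli system version get` (or the equivalent API call) for every host in inventory. The check covers ESXi only; Workstation and Fusion installs need their own version comparison.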

* **Background Context**:
– Microsoft discovered the three flaws and reported them to Broadcom.
– Broadcom's advisory states that it has information suggesting the CVEs have been exploited in the wild, which is why the patches should be treated as urgent.

Overall, security and compliance teams should prioritize these updates and restrict administrative access to guest VMs in the meantime: a hypervisor compromise exposes every VM on the host, not just the one the attacker started from.