CVE-2025-22224
CVSS Score
9.3
EPSS Score
0.0%
EPSS Percentile
0th
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
| Vendor | vmware |
| Product | esxi |
| Ecosystems | |
| Industries | TechnologyEnterprise |
| Published | Mar 4, 2025 |
| Last Updated | Feb 26, 2026 |
⚠️ Actively Exploited — Act Now
Get instant alerts for vmware esxi
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2025-22224.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
VMware / ESXi
8.0 < ESXi80U3d-24585383 8.0 < ESXi80U2d-24585300 7.0 < ESXi70U3s-24585291
VMware / Workstation
17.x < 17.6.3
VMware / VMware Cloud Foundation
5.x, 4.5.x
VMware / Telco Cloud Platform
5.x, 4.x, 3.x, 2.x
VMware / Telco Cloud Infrastructure
3.x, 2.x