CVE-2025-22226
CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
0th
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
| Vendor | n/a |
| Product | esxi |
| Ecosystems | |
| Industries | Technology |
| Published | Mar 4, 2025 |
| Last Updated | Feb 26, 2026 |
⚠️ Actively Exploited — Act Now
Get instant alerts for n/a esxi
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2025-22226.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
n/a / ESXi
8.0 < ESXi80U3d-24585383 8.0 < ESXi80U2d-24585300 7.0 < ESXi70U3s-24585291
n/a / VMware Workstation
17.x < 17.6.3
n/a / VMware Fusion
13.x < 13.6.3
n/a / VMware Cloud Foundation
5.x, 4.5.x
n/a / VMware Telco Cloud Platform
5.x, 4.x, 3.x, 2.x
n/a / VMware Telco Cloud Infrastructure
3.x, 2.x