Source: Ministry of education information & communication security contingency platform
| ublication Number | TACERT-ANA-2025031009034343 | Publication Time | 2025/03/10 09:33 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/03/07 09:33 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】VMware Security Vulnerabilities (CVE-2025-22224 and CVE-2025-22225), Please Verify and Patch Immediately |
|||
| [Content] Forwarded from the National Institute of Cyber Security NISAC-200-202503-00000001 Security researchers have discovered Sandbox Escape vulnerabilities (CVE-2025-22224 and CVE-2025-22225) in VMware, allowing attackers with virtual machine administrative privileges to exploit these vulnerabilities to execute arbitrary code on the host machine. These vulnerabilities have already been exploited by hackers, please verify and patch immediately. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] ● VMware ESXi – Versions 7.0 and 8.0 ● VMware Workstation – Version 17.x ● VMware Cloud Foundation – Version 4.5.x ● VMware Telco Cloud Platform – Versions 5.4, 4.x, 3.x, and 2.x ● VMware Telco Cloud Infrastructure – Versions 3.x and 2.x |
|||
| [Recommended Actions] The vendor has released official security updates, please refer to the official advisory and apply patches immediately: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 |
|||
| [Reference] https://nvd.nist.gov/vuln/detail/CVE-2025-22224 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 |
|||