【Vulnerability Alert】VMware Security Vulnerabilities (CVE-2025-22224 and CVE-2025-22225), Please Verify and Patch Immediately
publish date :
2025-03-11
update date :
2025-03-11
Source: Ministry of education information & communication security contingency platform
| ublication Number | TACERT-ANA-2025031009034343 | Publication Time | 2025/03/10 09:33 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/03/07 09:33 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】VMware Security Vulnerabilities (CVE-2025-22224 and CVE-2025-22225), Please Verify and Patch Immediately |
|||
| [Content] Forwarded from the National Institute of Cyber Security NISAC-200-202503-00000001 Security researchers have discovered Sandbox Escape vulnerabilities (CVE-2025-22224 and CVE-2025-22225) in VMware, allowing attackers with virtual machine administrative privileges to exploit these vulnerabilities to execute arbitrary code on the host machine. These vulnerabilities have already been exploited by hackers, please verify and patch immediately. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] ● VMware ESXi – Versions 7.0 and 8.0 ● VMware Workstation – Version 17.x ● VMware Cloud Foundation – Version 4.5.x ● VMware Telco Cloud Platform – Versions 5.4, 4.x, 3.x, and 2.x ● VMware Telco Cloud Infrastructure – Versions 3.x and 2.x |
|||
| [Recommended Actions] The vendor has released official security updates, please refer to the official advisory and apply patches immediately: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 |
|||
| [Reference] https://nvd.nist.gov/vuln/detail/CVE-2025-22224 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 |
|||
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center
