anonhaven
Ad

CVE-2025-22226

MEDIUM CVSS 3.1: 6.0 EPSS 4.32% ACTIVE EXPLOIT
Updated Oct 30, 2025
VMWARE

CISA Known Exploited Vulnerability (KEV)

This vulnerability is actively exploited in the wild. Immediate patching is strongly recommended.

Due Date: Mar 25, 2025

Parameter Value
CVSS 6.0 (MEDIUM)
Affected Versions 13.0.0 — 17.6.3
Fixed In 13.6.3
Type CWE-125 (Out-of-bounds Read)
Vendor VMWARE
Public PoC Yes

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
High
Admin privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-125 Out-of-bounds Read

Vulnerable Products 57

Configuration From (including) Up to (excluding)
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:beta:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_1c:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_1d:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_1e:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_2a:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_2c:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_2d:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_2e:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3d:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3e:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3f:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3g:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3i:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3j:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3k:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3l:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3m:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3n:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3o:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3p:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3q:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:7.0:update_3r:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:-:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:a:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:b:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:c:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_1:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_1a:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_1c:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_1d:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_2:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_2b:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_2c:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_3:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_3b:*:*:*:*:*:*
Vmware Esxi
cpe:2.3:o:vmware:esxi:8.0:update_3c:*:*:*:*:*:*
Vmware Cloud_Foundation
cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*
Vmware Fusion
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
 13.0.0 13.6.3
Vmware Telco_Cloud_Infrastructure
cpe:2.3:a:vmware:telco_cloud_infrastructure:2.2:*:*:*:*:*:*:*
Vmware Telco_Cloud_Infrastructure
cpe:2.3:a:vmware:telco_cloud_infrastructure:2.5:*:*:*:*:*:*:*
Vmware Telco_Cloud_Infrastructure
cpe:2.3:a:vmware:telco_cloud_infrastructure:2.7:*:*:*:*:*:*:*
Vmware Telco_Cloud_Infrastructure
cpe:2.3:a:vmware:telco_cloud_infrastructure:3.0:*:*:*:*:*:*:*
Vmware Telco_Cloud_Platform
cpe:2.3:a:vmware:telco_cloud_platform:2.0:*:*:*:*:*:*:*
Vmware Telco_Cloud_Platform
cpe:2.3:a:vmware:telco_cloud_platform:2.5:*:*:*:*:*:*:*
Vmware Telco_Cloud_Platform
cpe:2.3:a:vmware:telco_cloud_platform:2.7:*:*:*:*:*:*:*
Vmware Telco_Cloud_Platform
cpe:2.3:a:vmware:telco_cloud_platform:3.0:*:*:*:*:*:*:*
Vmware Telco_Cloud_Platform
cpe:2.3:a:vmware:telco_cloud_platform:4.0:*:*:*:*:*:*:*
Vmware Telco_Cloud_Platform
cpe:2.3:a:vmware:telco_cloud_platform:4.0.1:*:*:*:*:*:*:*
Vmware Telco_Cloud_Platform
cpe:2.3:a:vmware:telco_cloud_platform:5.0:*:*:*:*:*:*:*
Vmware Workstation
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
 17.0 17.6.3

References 2

https://support.broadcom.com/web/ecx/support-content-notification/-/external/co…
security@vmware.com
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025…
134c704f-9b21-4f2e-91b3-4a467353bcc0
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-22744

VMWARE

7.5

CVE-2026-22743

Spring

7.5

CVE-2026-22742

Spring

8.6

CVE-2026-22738

Spring

9.8

CVE-2025-22225

VMWARE

8.2