Critical Flaw Exposes 37,000 VMware Servers to Active Cyberattacks
BleepingComputer
|
Contributed by: Drex DeFord
Summary
A critical out-of-bounds write vulnerability, CVE-2025-22224, has been identified in VMware ESXi servers, leaving approximately 37,000 systems exposed to cyberattacks. The flaw has been actively exploited by local attackers with administrative privileges, allowing them to execute code on the host system. While Broadcom, the vendor for VMware, has acknowledged this and two other related vulnerabilities as zero-days, details on the attack origins and specific targets remain undisclosed. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has mandated that federal and state organizations must apply necessary updates by March 25, 2025, or discontinue the use of vulnerable systems.
