8.2

CVE-2025-22225

Warning

VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

Data is provided by the National Vulnerability Database (NVD)
VMwareESXi Version7.0 Update-
VMwareESXi Version7.0 Updatebeta
VMwareESXi Version7.0 Updateupdate_1
VMwareESXi Version7.0 Updateupdate_1a
VMwareESXi Version7.0 Updateupdate_1b
VMwareESXi Version7.0 Updateupdate_1c
VMwareESXi Version7.0 Updateupdate_1d
VMwareESXi Version7.0 Updateupdate_1e
VMwareESXi Version7.0 Updateupdate_2
VMwareESXi Version7.0 Updateupdate_2a
VMwareESXi Version7.0 Updateupdate_2c
VMwareESXi Version7.0 Updateupdate_2d
VMwareESXi Version7.0 Updateupdate_2e
VMwareESXi Version7.0 Updateupdate_3
VMwareESXi Version7.0 Updateupdate_3c
VMwareESXi Version7.0 Updateupdate_3d
VMwareESXi Version7.0 Updateupdate_3e
VMwareESXi Version7.0 Updateupdate_3f
VMwareESXi Version7.0 Updateupdate_3g
VMwareESXi Version7.0 Updateupdate_3i
VMwareESXi Version7.0 Updateupdate_3j
VMwareESXi Version7.0 Updateupdate_3k
VMwareESXi Version7.0 Updateupdate_3l
VMwareESXi Version7.0 Updateupdate_3m
VMwareESXi Version7.0 Updateupdate_3n
VMwareESXi Version7.0 Updateupdate_3o
VMwareESXi Version7.0 Updateupdate_3p
VMwareESXi Version7.0 Updateupdate_3q
VMwareESXi Version7.0 Updateupdate_3r
VMwareESXi Version8.0 Update-
VMwareESXi Version8.0 Updatea
VMwareESXi Version8.0 Updateb
VMwareESXi Version8.0 Updatec
VMwareESXi Version8.0 Updateupdate_1
VMwareESXi Version8.0 Updateupdate_1a
VMwareESXi Version8.0 Updateupdate_1c
VMwareESXi Version8.0 Updateupdate_1d
VMwareESXi Version8.0 Updateupdate_2
VMwareESXi Version8.0 Updateupdate_2b
VMwareESXi Version8.0 Updateupdate_2c
VMwareESXi Version8.0 Updateupdate_3
VMwareESXi Version8.0 Updateupdate_3b
VMwareESXi Version8.0 Updateupdate_3c
VMwareCloud Foundation Version-
VMwareTelco Cloud Platform Version2.0
VMwareTelco Cloud Platform Version2.5
VMwareTelco Cloud Platform Version2.7
VMwareTelco Cloud Platform Version3.0
VMwareTelco Cloud Platform Version4.0
VMwareTelco Cloud Platform Version4.0.1
VMwareTelco Cloud Platform Version5.0

04.03.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

VMware ESXi Arbitrary Write Vulnerability

Vulnerability

VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox.

Description

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 5.25% 0.896
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.2 1.5 6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
security@vmware.com 8.2 1.5 6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE-123 Write-what-where Condition

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.