7.1

CVE-2025-22226

Warning

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Data provided by the National Vulnerability Database (NVD)
VMware ESXi Version 7.0 Update -
VMware ESXi Version 7.0 Update beta
VMware ESXi Version 7.0 Update update_1
VMware ESXi Version 7.0 Update update_1a
VMware ESXi Version 7.0 Update update_1b
VMware ESXi Version 7.0 Update update_1c
VMware ESXi Version 7.0 Update update_1d
VMware ESXi Version 7.0 Update update_1e
VMware ESXi Version 7.0 Update update_2
VMware ESXi Version 7.0 Update update_2a
VMware ESXi Version 7.0 Update update_2c
VMware ESXi Version 7.0 Update update_2d
VMware ESXi Version 7.0 Update update_2e
VMware ESXi Version 7.0 Update update_3
VMware ESXi Version 7.0 Update update_3c
VMware ESXi Version 7.0 Update update_3d
VMware ESXi Version 7.0 Update update_3e
VMware ESXi Version 7.0 Update update_3f
VMware ESXi Version 7.0 Update update_3g
VMware ESXi Version 7.0 Update update_3i
VMware ESXi Version 7.0 Update update_3j
VMware ESXi Version 7.0 Update update_3k
VMware ESXi Version 7.0 Update update_3l
VMware ESXi Version 7.0 Update update_3m
VMware ESXi Version 7.0 Update update_3n
VMware ESXi Version 7.0 Update update_3o
VMware ESXi Version 7.0 Update update_3p
VMware ESXi Version 7.0 Update update_3q
VMware ESXi Version 7.0 Update update_3r
VMware ESXi Version 8.0 Update -
VMware ESXi Version 8.0 Update a
VMware ESXi Version 8.0 Update b
VMware ESXi Version 8.0 Update c
VMware ESXi Version 8.0 Update update_1
VMware ESXi Version 8.0 Update update_1a
VMware ESXi Version 8.0 Update update_1c
VMware ESXi Version 8.0 Update update_1d
VMware ESXi Version 8.0 Update update_2
VMware ESXi Version 8.0 Update update_2b
VMware ESXi Version 8.0 Update update_2c
VMware ESXi Version 8.0 Update update_3
VMware ESXi Version 8.0 Update update_3b
VMware ESXi Version 8.0 Update update_3c
VMware Cloud Foundation Version -
VMware Fusion Version >= 13.0.0 < 13.6.3
VMware Telco Cloud Platform Version 2.0
VMware Telco Cloud Platform Version 2.5
VMware Telco Cloud Platform Version 2.7
VMware Telco Cloud Platform Version 3.0
VMware Telco Cloud Platform Version 4.0
VMware Telco Cloud Platform Version 4.0.1
VMware Telco Cloud Platform Version 5.0
VMware Workstation Version >= 17.0 < 17.6.3

04.03.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability

Vulnerability

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process.

Description

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.69% | 0.875 |

CVSS metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6 | 1.5 | 4 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| security@vmware.com | 7.1 | 2.5 | 4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.