{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2025-005.pdf"
    },
    "title": "Several Vulnerabilities in VMware Products",
    "serial_number": "2025-005",
    "publish_date": "05-03-2025 10:39:29",
    "description": "On March 4, 2025, Broadcom issued an advisory regarding multiple vulnerabilities in VMware products. An attacker with access to a virtual machine could escape it to execute code on the host. Those vulnerabilities are being exploited in the wild.<br>\nIt is recommended applying update as soon as possible.<br>\n",
    "url_title": "2025-005",
    "content_markdown": "---    \ntitle: 'Several Vulnerabilities in\u00a0VMware\u00a0Products'\nnumber: '2025-005'\nversion: '1.0'\noriginal_date: '2025-03-05'\ndate: '2025-03-05'\n---\n\n_History:_\n\n* _05/03/2025 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn March 4, 2025, Broadcom issued an advisory regarding multiple vulnerabilities in VMware products. An attacker with access to a virtual machine could escape it to execute code on the host. Those vulnerabilities are being exploited in the wild [1].\n\nIt is recommended applying update as soon as possible.\n\n# Technical Details\n\nThe vulnerability `CVE-2025-22224`, with a CVSS score of 9.3, is a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.\n\nThe vulnerability `CVE-2025-22225`, with a CVSS score of 8.2, is an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.\n\nThe vulnerability `CVE-2025-22226`, with a CVSS score of 7.1, is an information disclosure vulnerability due to an out-of-bounds read in the Host Guest File System (HGFS). A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process. \n\n# Products Affected\n\nThose vulnerabilities effect :\n- VMware ESXi 7.0, 8.0\n- VMware Workstation 17.x\n- VMware Fusion 13.x\n- VMware Cloud Foundation 4.5.x, 5.x\n- VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x\n- VMware Telco Cloud Infrastructure 3.x, 2.x \n\n# Recommendations\n\nCERT-EU recommends updating to the latest version of the affected product as soon as possible to mitigate those vulnerabilities [1].\n\n# References\n\n[1] <https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>05/03/2025 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On March 4, 2025, Broadcom issued an advisory regarding multiple vulnerabilities in VMware products. An attacker with access to a virtual machine could escape it to execute code on the host. Those vulnerabilities are being exploited in the wild [1].</p><p>It is recommended applying update as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <code>CVE-2025-22224</code>, with a CVSS score of 9.3, is a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.</p><p>The vulnerability <code>CVE-2025-22225</code>, with a CVSS score of 8.2, is an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.</p><p>The vulnerability <code>CVE-2025-22226</code>, with a CVSS score of 7.1, is an information disclosure vulnerability due to an out-of-bounds read in the Host Guest File System (HGFS). A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process. </p><h2 id=\"products-affected\">Products Affected</h2><p>Those vulnerabilities effect : - VMware ESXi 7.0, 8.0 - VMware Workstation 17.x - VMware Fusion 13.x - VMware Cloud Foundation 4.5.x, 5.x - VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x - VMware Telco Cloud Infrastructure 3.x, 2.x </p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends updating to the latest version of the affected product as soon as possible to mitigate those vulnerabilities [1].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390\">https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}