Urgent advisory: Broadcom urges VMware clients to patch critical zero-day vulnerabilities

In a recent advisory, Broadcom has sounded the alarm for VMware users, urging you to patch three critical zero-day vulnerabilities being actively exploited. These vulnerabilities, collectively dubbed “ESXicape,” affect VMware ESXi, Workstation, and Fusion products.

What are the VMware vulnerabilities?

The flaws, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, allow attackers with administrative access to escape the virtual machine sandbox. This means that once inside, they can gain control over your hypervisor, potentially compromising all virtual machines running on the same server. The implications of such a breach are severe, as it could lead to widespread data theft, service disruptions, and further attacks within your network.

Why is it important?

These vulnerabilities are particularly concerning because they are actively exploited in the wild. This means that attackers are already leveraging these flaws to infiltrate systems, making it crucial for you to act swiftly. The potential damage from these exploits can be extensive, affecting not just individual virtual machines but your entire server environment.

What should you do?

Broadcom has released patches for these vulnerabilities and is urging all VMware users to apply them immediately. Here are the steps you should take:

1. Identify affected systems: Determine which of your systems are running the vulnerable versions of VMware ESXi, Workstation, or Fusion.
2. Apply patches: Download and install the patches provided by Broadcom as soon as possible.
3. Monitor systems: Keep an eye on your systems for any unusual activity that might indicate an attempted or successful exploit.
4. Review security practices: Ensure that your administrative access controls are robust and that only authorised personnel have access to critical systems.

Conclusion

The discovery of the ESXicape vulnerabilities highlights the ever-present need for vigilance in cybersecurity. By promptly applying the necessary patches and maintaining strong security practices, organisations can protect themselves from these and other emerging threats. Stay safe and ensure your systems are up-to-date.

For other best practices and solutions to protect your business, head to our Cyber Security Solutions page, or fill out the contact form below to arrange a call with our security expert.