Urgent advisory: Broadcom urges VMware clients to patch critical zero-day vulnerabilities
News|by Leanne Bevan|11 March 2025
In a recent advisory, Broadcom has sounded the alarm for VMware users, urging you to patch three critical zero-day vulnerabilities being actively exploited. These vulnerabilities, collectively dubbed “ESXicape,” affect VMware ESXi, Workstation, and Fusion products.
What are the VMware vulnerabilities?
The flaws, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, allow attackers with administrative access to escape the virtual machine sandbox. This means that once inside, they can gain control over your hypervisor, potentially compromising all virtual machines running on the same server. The implications of such a breach are severe, as it could lead to widespread data theft, service disruptions, and further attacks within your network.
Why is it important?
These vulnerabilities are particularly concerning because they are actively exploited in the wild. This means that attackers are already leveraging these flaws to infiltrate systems, making it crucial for you to act swiftly. The potential damage from these exploits can be extensive, affecting not just individual virtual machines but your entire server environment.
What should you do?
Broadcom has released patches for these vulnerabilities and is urging all VMware users to apply them immediately. Here are the steps you should take:
- Identify affected systems: Determine which of your systems are running the vulnerable versions of VMware ESXi, Workstation, or Fusion.
- Apply patches: Download and install the patches provided by Broadcom as soon as possible.
- Monitor systems: Keep an eye on your systems for any unusual activity that might indicate an attempted or successful exploit.
- Review security practices: Ensure that your administrative access controls are robust and that only authorised personnel have access to critical systems.
Conclusion
The discovery of the ESXicape vulnerabilities highlights the ever-present need for vigilance in cybersecurity. By promptly applying the necessary patches and maintaining strong security practices, organisations can protect themselves from these and other emerging threats. Stay safe and ensure your systems are up-to-date.
For other best practices and solutions to protect your business, head to our Cyber Security Solutions page, or fill out the contact form below to arrange a call with our security expert.
Contact Grey Matter
If you have any questions or want some extra information, complete the form below and one of the team will be in touch ASAP. If you have a specific use case, please let us know and we'll help you find the right solution faster.
By submitting this form you are agreeing to our Privacy Policy and Website Terms of Use.
