CVE-2025-22224
Published: 04 March 2025
Description
Adversaries may break out of a container or virtualized environment to gain access to the underlying host.
Security Summary
CVE-2025-22224 is a Time-of-Check Time-of-Use (TOCTOU) vulnerability in VMware ESXi and Workstation that results in an out-of-bounds write. This flaw, associated with CWE-367, carries a CVSS v3.1 base score of 9.3 (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) and was published on 2025-03-04.
A malicious actor with local administrative privileges on a virtual machine can exploit this vulnerability to execute arbitrary code as the virtual machine's VMX process running on the host, potentially leading to full compromise of the hypervisor environment.
Mitigation details are available in the Broadcom security advisory at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390. The vulnerability is also listed in the CISA Known Exploited Vulnerabilities catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224, indicating active exploitation in the wild.
Details
- CWE(s)
- KEV Date Added: 04 March 2025
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The TOCTOU out-of-bounds write vulnerability in the VMware hypervisor directly enables a local VM administrator to execute arbitrary code in the host VMX process, achieving escape from the guest VM to the underlying host.