CVE-2025-22226
Published: 04 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Security Summary
CVE-2025-22226 is an information disclosure vulnerability in VMware ESXi, Workstation, and Fusion, stemming from an out-of-bounds read flaw in the HGFS (Host-Guest File System) component. This issue, classified under CWE-125 (Out-of-bounds Read), carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). It was published on 2025-03-04 and allows potential exposure of sensitive data from the vmx process.
A malicious actor with administrative privileges within a virtual machine can exploit this vulnerability locally. By triggering the out-of-bounds read in HGFS, the attacker can leak memory contents from the host's vmx process, achieving high confidentiality impact across a changed scope without requiring privileges on the host itself, user interaction, or complex conditions.
Mitigation details are outlined in the official Broadcom security advisory at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390. The vulnerability is also listed in the CISA Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22226, indicating active exploitation in the wild and urging federal agencies to apply patches promptly.
Details
- CWE(s): CWE-125 (Out-of-bounds Read)
- KEV Date Added: 04 March 2025
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The out-of-bounds read in HGFS allows a VM admin to leak host vmx memory, directly facilitating Escape to Host (T1611), Exploitation for Privilege Escalation (T1068) by crossing the VM boundary, and Exploitation for Credential Access (T1212) by exposing sensitive memory data.