Main Vulnerability Database Vulnerabilities #VU105278

#VU105278 Heap-based buffer overflow in VMware ESXi - CVE-2025-22224

Published: March 4, 2025

Vulnerability identifier: #VU105278

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:A/U:Amber

CVE-ID: CVE-2025-22224

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
VMware ESXi

Software vendor:
VMware, Inc

Description

The vulnerability allows a malicious guest to execute arbitrary code on the hypervisor.

The vulnerability exists due to a boundary error in VMCI. A malicious guest with administrative privileges can trigger a heap-based buffer overflow and execute arbitrary code on the hypervisor in the context of VMX process.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install updates from vendor's website.

External links

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

#VU105278 Heap-based buffer overflow in VMware ESXi - CVE-2025-22224

Description

Remediation

External links

Please verify you're human