Vulnerability Details CVE-2025-22224
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.482
EPSS Ranking 97.6%
CVSS Severity
CVSS v3 Score 9.3
Proposed Action
VMware ESXi and Workstation contain a time-of-check time-of-use (TOCTOU) race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host.
Ransomware Campaign
Unknown
References
Products affected by CVE-2025-22224
-
cpe:2.3:a:vmware:cloud_foundation:-
-
cpe:2.3:a:vmware:telco_cloud_infrastructure:2.2
-
cpe:2.3:a:vmware:telco_cloud_infrastructure:2.5
-
cpe:2.3:a:vmware:telco_cloud_infrastructure:2.7
-
cpe:2.3:a:vmware:telco_cloud_infrastructure:3.0
-
cpe:2.3:a:vmware:telco_cloud_platform:2.0
-
cpe:2.3:a:vmware:telco_cloud_platform:2.5
-
cpe:2.3:a:vmware:telco_cloud_platform:2.7
-
cpe:2.3:a:vmware:telco_cloud_platform:3.0
-
cpe:2.3:a:vmware:telco_cloud_platform:4.0
-
cpe:2.3:a:vmware:telco_cloud_platform:4.0.1
-
cpe:2.3:a:vmware:telco_cloud_platform:5.0
-
cpe:2.3:a:vmware:workstation:17.0
-
cpe:2.3:a:vmware:workstation:17.0.0
-
cpe:2.3:a:vmware:workstation:17.0.1
-
cpe:2.3:a:vmware:workstation:17.0.2
-
cpe:2.3:a:vmware:workstation:17.5.0
-
cpe:2.3:a:vmware:workstation:17.5.1
-
cpe:2.3:a:vmware:workstation:17.5.2
-
cpe:2.3:a:vmware:workstation:17.6.0
-
cpe:2.3:a:vmware:workstation:17.6.1
-
cpe:2.3:a:vmware:workstation:17.6.2
-
cpe:2.3:o:vmware:esxi:7.0
-
cpe:2.3:o:vmware:esxi:8.0