CVE-2025-22226

HIGH KEV RANSOMWARE

VMware ESXi, Workstation, and Fusion - Info Disclosure

Description

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Scores

CVSS v3 7.1
EPSS 0.0680
EPSS Percentile 91.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Exploitation Intel

CISA KEV 2025-03-04
VulnCheck KEV 2025-03-04
ENISA EUVD EUVD-2025-7605
Ransomware Use Confirmed

Classification

CWE
CWE-125
Status published

Affected Products (50)

vmware/esxi (15 entries listed)
... and 35 more

Timeline

Published Mar 04, 2025
KEV Added Mar 04, 2025
Tracked Since Feb 18, 2026