Log In
Request Demo Start 30-Day Trial
Back to CVEs
CVE CVE

CVE-2025-22225

CISA Known Exploited Vulnerability (KEV)

VMware ESXi Arbitrary Write Vulnerability

March 4, 2025

March 25, 2025

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

References

Weakness Enumeration

CWE-ID CWE Name

CWE-123 		Write-what-where Condition

Details

Source:
NVD
Published:
Updated:

Risk information

CVSS v3

Base score:
8.2
Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS v2

Not defined