Broadcom je upozorio korisnike na tri VMware ranjivosti koje se koriste u napadima.

VMware ranjivosti često se koriste za ransomware napade jer je popularan odabir za virtualizaciju i koriste ga mnogi poslovni korisnici (npr. za pohranu ili prijenos osjetljivih poslovnih podataka).

Pogođeni proizvodi: VMware ESXi, VMware Workstation Pro / Player (radna stanica), VMware Fusion, VMware Cloud Foundation, VMware Telco Cloud platforma.

Ranjivosti:

CVE-2025-22224 – CVSS 9,3
CVE-2025-22225 – CVSS 8,2
CVE-2025-22226 – CVSS 7,1

Iskorištavanjem ovih ranjivosti napadači mogu pobjeći iz virtualnog stroja (sandboxa).

Sve o ranjivim verzijama i dostupnim zakrpama pronađite na stranici: Support Content Notification – Support Portal – Broadcom support portal.

Tablica ranjivosti:

VMware Product	Version	Running On	CVE	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
VMware ESXi	8.0	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	ESXi80U3d-24585383	None	FAQ
VMware ESXi	8.0	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	ESXi80U2d-24585300	None	FAQ
VMware ESXi	7.0	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	ESXi70U3s-24585291	None	FAQ
VMware Workstation	17.x	Any	CVE-2025-22224,  CVE-2025-22226	9.3, 7.1	Critical	17.6.3	None	FAQ
VMware Fusion	13.x	Any	CVE-2025-22226	7.1	Important	13.6.3	None	FAQ
VMware Cloud Foundation	5.x	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	Async patch to ESXi80U3d-24585383	None	Async Patching Guide: KB88287
VMware Cloud Foundation	4.5.x	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	Async patch to ESXi70U3s-24585291	None	Async Patching Guide: KB88287
VMware Telco Cloud Platform	5.x, 4.x, 3.x, 2.x	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	KB389385	None	FAQ
VMware Telco Cloud Infrastructure	3.x, 2.x	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	KB389385	None	FAQ