New VMware Hyperjacking Vulnerabilities Demand Immediate Patching

A critical security alert has been issued for new VMware vulnerabilities that are being actively exploited in the wild. These flaws, which affect VMware ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform, pose a significant risk of hyperjacking, a severe attack in which a threat actor can escape a virtual machine (VM) and gain control of the hypervisor. This puts entire multi-tenant environments at serious risk.

Understanding the New VMware Vulnerabilities:

Three critical Common Vulnerabilities and Exposures (CVEs) have been identified:

  • CVE-2025-22224 (CVSS 9.3): A heap overflow vulnerability within the Virtual Machine Communication Interface (VMCI) allows for remote code execution directly on the hypervisor.
  • CVE-2025-22225 (CVSS 8.2): An arbitrary write flaw that can lead to VM escape and a potential hypervisor takeover, granting attackers extensive control.
  • CVE-2025-22226 (CVSS 7.1): An information disclosure vulnerability that exposes memory from the host-guest file system.

These vulnerabilities are especially dangerous because they enable hyperjacking: an attacker who takes over the hypervisor can compromise every VM on that host.

Why This New VMware Threat Matters:

  • Hyperjacking Risk: A successful exploit allows attackers to gain full control of the hypervisor, endangering all VMs on that host.
  • Active Exploitation: VMware has confirmed that these vulnerabilities are being actively exploited, making immediate patching essential.
  • No Workarounds: Patching is the only effective solution to mitigate these risks.
  • CISA Alert: The Cybersecurity and Infrastructure Security Agency (CISA) has added these CVEs to its Known Exploited Vulnerabilities list, indicating the urgency of this threat.

Immediate Actions for All Businesses:

  • Apply Patches Immediately: Install the latest VMware Security Advisory (VMSA-2025-0004) patches as soon as possible.
  • Review Hardening Guides: Reinforce your VMware environments with recommended security configurations.
  • Treat as an Emergency: Prioritize patching to prevent potential attacks from nation-state actors and ransomware groups.
  • Update Affected Versions:
    • VMware ESXi 8.0 & 7.0: Apply patches (ESXi80U3d-24585383, ESXi70U3s-24585291).
    • VMware Workstation 17.x & Fusion 13.x: Update to versions 17.6.3 and 13.6.3, respectively.
    • VMware Cloud Foundation & Telco Cloud: Apply asynchronous patches.
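
To confirm which ESXi hosts already run the fixed builds listed above, the following is an added example (not code from VMware or Meta Techs) that classifies hosts from an inventory of version strings. It assumes each line is `hostname<TAB>version string` in the form `VMware ESXi 8.0.3 build-24585383`, and that within a release line a build number at or above the fixed build includes the fix; the hostnames and older build numbers are constructed.

```python
import re

# Fixed builds taken from the patch names listed above
# (ESXi80U3d-24585383, ESXi70U3s-24585291).
FIXED_BUILD = {"8.0": 24585383, "7.0": 24585291}

# Assumed input format: the product/version/build string an ESXi host reports.
VERSION_RE = re.compile(r"VMware ESXi (\d+\.\d+)(?:\.\d+)? build-(\d+)")


def classify(version_string):
    """Return (status, detail) for one ESXi version string."""
    m = VERSION_RE.search(version_string)
    if not m:
        return "unparsed", "no ESXi version/build found"
    line, build = m.group(1), int(m.group(2))
    fixed = FIXED_BUILD.get(line)
    if fixed is None:
        # Release line not covered by the builds listed on this page.
        return "unknown", f"ESXi {line}: check VMSA-2025-0004"
    if build >= fixed:
        return "patched", f"build {build} >= {fixed}"
    return "vulnerable", f"build {build} < {fixed}"


def audit(inventory):
    """inventory: iterable of 'hostname<TAB>version string' lines."""
    results = {}
    for raw in inventory:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue  # skip blank lines and comments
        host, _, version = raw.partition("\t")
        results[host] = classify(version)
    return results


# Constructed sample inventory (hostnames and older builds are made up).
SAMPLE = [
    "esx-a.example.internal\tVMware ESXi 8.0.3 build-24585383",
    "esx-b.example.internal\tVMware ESXi 8.0.2 build-23000000",
    "esx-c.example.internal\tVMware ESXi 7.0.3 build-24585291",
    "esx-d.example.internal\tVMware ESXi 7.0.3 build-21000000",
    "esx-e.example.internal\tVMware ESXi 6.7.0 build-20000000",
    "esx-f.example.internal\tunreachable",
]

if __name__ == "__main__":
    for host, (status, detail) in audit(SAMPLE).items():
        print(f"{host:26} {status:10} {detail}")
```

Hosts reported as `unknown` or `unparsed` need manual review against VMSA-2025-0004 rather than being treated as safe.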

Meta Techs’ Role in Securing Your VMware Environment:

Meta Techs can assist your organization in:

  • Rapid Patch Deployment: We can help you quickly and efficiently deploy the necessary patches.
  • Security Assessments: We can perform comprehensive security assessments to identify any potential vulnerabilities in your VMware environment.
  • Incident Response: In the event of a security breach, our team can provide expert incident response and remediation services.
  • Managed Security Services: We offer continuous monitoring and management of your VMware environment to ensure ongoing security.

Conclusion:

These new VMware vulnerabilities pose a serious threat to businesses that rely on VMware products.

Contact us today to learn how we can help you protect your infrastructure.

 
