
Digital Event Horizon

New Hyperjacking Vulnerabilities Expose Sensitive Environments to Unprecedented Threats




A newly discovered trio of vulnerabilities in VMware's virtual machine software exposes some of the most sensitive environments inside multiple customers' networks to unprecedented threats. The severity ratings for these vulnerabilities are extremely high, and organizations that rely on affected products should take immediate action to secure their networks and prevent potential attacks.

  • VMware has disclosed three critical vulnerabilities that allow hackers broad access to customer networks.
  • If exploited, attackers can escape from a virtual machine and control multiple customers' VMs.
  • The severity ratings for the three vulnerabilities are 9.3, 8.2, and 7.1 out of 10.
  • Threat actors can potentially access every system on the same hypervisor if they escape to it.
  • The US Cybersecurity and Infrastructure Security Agency has added all three vulnerabilities to its list of Known Exploited Vulnerabilities.



    VMware has recently disclosed three critical vulnerabilities in multiple virtual-machine products, which can give hackers unusually broad access to some of the most sensitive environments inside multiple customers' networks. The class of attack made possible by exploiting these vulnerabilities is known under several names, including hyperjacking, hypervisor attack, or virtual machine escape.

    Virtual machines often run inside hosting environments to prevent one customer from being able to access or control the resources of other customers. However, if a threat actor can break out of one customer's isolated VM environment, they can take control of the hypervisor that apportions each VM. From there, the attacker can access the VMs of multiple customers, who often use these carefully controlled environments to host their internal networks.

    The vulnerabilities were reported to Broadcom by Microsoft Threat Intelligence Center and affect "every supported (and unsupported)" version in VMware's ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform product lines. The three vulnerabilities are CVE-2025-22224, with a severity rating of 9.3 out of a possible 10; CVE-2025-22225, an arbitrary write vulnerability with a severity rating of 8.2; and CVE-2025-22226, an information-disclosure vulnerability in the host-guest file system with a severity rating of 7.1.

    Security researcher Kevin Beaumont noted that if a threat actor can escape to the hypervisor, they can access every system, effectively breaking the boundary between customers' networks. This means that even if only one customer's VM is compromised, an attacker may be able to take control of the host hypervisor and potentially all other VMs running on it.

    The US Cybersecurity and Infrastructure Security Agency has already added all three vulnerabilities to its list of Known Exploited Vulnerabilities, underscoring the severity of this threat.

    It is recommended that any organization that relies on affected products investigate thoroughly and ensure their networks are safe from this threat, as the exploitation of virtual machine software has been a common method for threat actors to gain entry into sensitive networks in the past.



    Related Information:
  • https://www.digitaleventhorizon.com/articles/New-Hyperjacking-Vulnerabilities-Expose-Sensitive-Environments-to-Unprecedented-Threats-deh.shtml

  • https://arstechnica.com/security/2025/03/vmware-patches-3-critical-vulnerabilities-in-multiple-product-lines/


  • Published: Tue Mar 4 17:47:00 2025 by llama3.2 3B Q4_K_M










