{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-22224", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2025-01-02T04:29:30.445Z", "datePublished": "2025-03-04T11:56:12.317Z", "dateUpdated": "2025-10-21T22:55:28.319Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ESXi", "vendor": "VMware", "versions": [{"lessThan": "ESXi80U3d-24585383", "status": "affected", "version": "8.0", "versionType": "custom"}, {"lessThan": "ESXi80U2d-24585300", "status": "affected", "version": "8.0", "versionType": "custom"}, {"lessThan": "ESXi70U3s-24585291", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Windows", "Linux"], "product": "Workstation", "vendor": "VMware", "versions": [{"lessThan": "17.6.3", "status": "affected", "version": "17.x", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "VMware Cloud Foundation", "vendor": "VMware", "versions": [{"status": "affected", "version": "5.x, 4.5.x"}]}, {"defaultStatus": "unaffected", "product": "Telco Cloud Platform", "vendor": "VMware", "versions": [{"status": "affected", "version": "5.x, 4.x, 3.x, 2.x"}]}, {"defaultStatus": "unaffected", "product": "Telco Cloud Infrastructure", "vendor": "VMware", "versions": [{"status": "affected", "version": "3.x, 2.x"}]}], "datePublic": "2025-03-04T11:33:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware ESXi, and Workstation</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.&nbsp;</span>A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.<span style=\"background-color: rgb(255, 255, 255);\"><br><br></span><br>"}], "value": "VMware ESXi, and Workstation\u00a0contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Heap-overflow vulnerability", "lang": "en"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-04-03T14:39:46.987Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-22224", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-05T04:55:22.499570Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2025-03-04", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"}]}], "timeline": [{"time": "2025-03-04T00:00:00+00:00", "lang": "en", "value": "CVE-2025-22224 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T22:55:28.319Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-22224", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-05T04:55:22.499570Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2025-03-04", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"}}}], "timeline": [{"lang": "en", "time": "2025-03-04T00:00:00+00:00", "value": "CVE-2025-22224 added to CISA KEV"}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T13:47:31.281Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VMware", "product": "ESXi", "versions": [{"status": "affected", "version": "8.0", "lessThan": "ESXi80U3d-24585383", "versionType": "custom"}, {"status": "affected", "version": "8.0", "lessThan": "ESXi80U2d-24585300", "versionType": "custom"}, {"status": "affected", "version": "7.0", "lessThan": "ESXi70U3s-24585291", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "VMware", "product": "Workstation", "versions": [{"status": "affected", "version": "17.x", "lessThan": "17.6.3", "versionType": "custom"}], "platforms": ["Windows", "Linux"], "defaultStatus": "unaffected"}, {"vendor": "VMware", "product": "VMware Cloud Foundation", "versions": [{"status": "affected", "version": "5.x, 4.5.x"}], "defaultStatus": "unaffected"}, {"vendor": "VMware", "product": "Telco Cloud Platform", "versions": [{"status": "affected", "version": "5.x, 4.x, 3.x, 2.x"}], "defaultStatus": "unaffected"}, {"vendor": "VMware", "product": "Telco Cloud Infrastructure", "versions": [{"status": "affected", "version": "3.x, 2.x"}], "defaultStatus": "unaffected"}], "datePublic": "2025-03-04T11:33:00.000Z", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "VMware ESXi, and Workstation\u00a0contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware ESXi, and Workstation</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.&nbsp;</span>A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.<span style=\"background-color: rgb(255, 255, 255);\"><br><br></span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Heap-overflow vulnerability"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-04-03T14:39:46.987Z"}}}, "cveMetadata": {"cveId": "CVE-2025-22224", "state": "PUBLISHED", "dateUpdated": "2025-10-21T22:55:28.319Z", "dateReserved": "2025-01-02T04:29:30.445Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2025-03-04T11:56:12.317Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"cisaActionDue": "2025-03-25", "cisaExploitAdd": "2025-03-04", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "VMware ESXi and Workstation TOCTOU Race Condition Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*", "matchCriteriaId": "5CBA6B5A-F345-41D1-8AA0-E5F274A2D8FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:beta:*:*:*:*:*:*", "matchCriteriaId": "F030A666-1955-438B-8417-5C294905399F", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "2C8DB7F6-5765-4355-B30E-9CAC39ECA5D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:*", "matchCriteriaId": "A790D41E-B398-4233-9EC7-CF5BE2BC3161", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:*", "matchCriteriaId": "B7619C16-5306-4C4A-88E8-E80876635F66", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1c:*:*:*:*:*:*", "matchCriteriaId": "238E7AF4-722B-423D-ABB1-424286B06715", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1d:*:*:*:*:*:*", "matchCriteriaId": "1E4DE8C7-72FB-4BEC-AD9E-378786295011", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1e:*:*:*:*:*:*", "matchCriteriaId": "2E6DE184-35C8-4A13-91D4-4B43E9F0168C", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "D3E3A02D-6C1E-4DE8-B845-60F53C056F32", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2a:*:*:*:*:*:*", "matchCriteriaId": "12D385F0-DB2B-4802-AD0E-31441DA056B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2c:*:*:*:*:*:*", "matchCriteriaId": "2C202879-9230-4E1D-BAB8-4FB7CE4BBC24", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2d:*:*:*:*:*:*", "matchCriteriaId": "CC6DC107-5142-4155-A33B-D5BE72E9ED38", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2e:*:*:*:*:*:*", "matchCriteriaId": "39817170-5C45-4F8A-916D-81B7352055DD", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "4ADC3CFF-7415-46A5-817A-2F053B261E8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:*", "matchCriteriaId": "A2F831A7-544E-4B45-BA49-7F7A0234579C", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3d:*:*:*:*:*:*", "matchCriteriaId": "80A0DD2E-F1CC-413B-91F9-E3986011A0A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3e:*:*:*:*:*:*", "matchCriteriaId": "C77771B2-BC64-47A5-B6DB-9CBCC4456B67", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3f:*:*:*:*:*:*", "matchCriteriaId": "86DE9CE6-F6C0-47D2-B3AB-34852A8B9603", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3g:*:*:*:*:*:*", "matchCriteriaId": "E75B2F03-702E-4359-9BB2-E234F1DC38C8", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3i:*:*:*:*:*:*", "matchCriteriaId": "ACAA9494-5248-4B01-8BC1-C38AB615FFD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3j:*:*:*:*:*:*", "matchCriteriaId": "BF12014B-BF2B-42EF-B70C-59CDA8E2176F", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3k:*:*:*:*:*:*", "matchCriteriaId": "F965D853-EE4A-41F5-840B-2D009ACC9754", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3l:*:*:*:*:*:*", "matchCriteriaId": "BA7B7313-FF53-43C9-AF4D-B639053D3FA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3m:*:*:*:*:*:*", "matchCriteriaId": "9FB5738F-27E4-42C6-BD1B-F7F66A7EF0A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3n:*:*:*:*:*:*", "matchCriteriaId": "FC3668A6-262B-42BF-9E90-28BAA9BB3347", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3o:*:*:*:*:*:*", "matchCriteriaId": "DA4E9185-44BA-41E6-8600-C8616E199334", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3p:*:*:*:*:*:*", "matchCriteriaId": "F50302BB-B950-4178-A109-358393E0A50A", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3q:*:*:*:*:*:*", "matchCriteriaId": "BCCA4A31-1291-4FB4-9FA5-D2CCD086D660", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3r:*:*:*:*:*:*", "matchCriteriaId": "78604FE5-510F-4979-B2E3-D36B3083224A", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:8.0:-:*:*:*:*:*:*", "matchCriteriaId": "7A1A402A-9262-4B97-A0B7-E5AE045E394D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:8.0:a:*:*:*:*:*:*", "matchCriteriaId": "FE44B379-9943-4DD1-8514-26F87482AFA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:8.0:b:*:*:*:*:*:*", "matchCriteriaId": "2A797377-8945-4D75-AA68-A768855E5842", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:8.0:c:*:*:*:*:*:*", "matchCriteriaId": "79D84D76-54BE-49E9-905C-7D65B4B42D68", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "2F8767F7-7C3D-457D-9EAC-E8A30796F751", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1a:*:*:*:*:*:*", "matchCriteriaId": "29AF8474-2D7A-4C5A-82B9-7A873AD90C2E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1c:*:*:*:*:*:*", "matchCriteriaId": "7781A2CA-D927-48CD-9932-AE42B7BA1EFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1d:*:*:*:*:*:*", "matchCriteriaId": "18FD08C9-5895-4BF4-BBE0-C2DDA5F6B836", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "360C1B71-5360-4379-B0DE-63BB8F5E6DA2", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2b:*:*:*:*:*:*", "matchCriteriaId": "B16ED7C1-9881-452A-8BE0-EDDEAEFE3D7B", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2c:*:*:*:*:*:*", "matchCriteriaId": "ED92209F-FBD6-43F9-9A15-3842B139FCC9", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "6B701151-1B57-4E2D-A9AB-586FACEA2385", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_3b:*:*:*:*:*:*", "matchCriteriaId": "4230B9AA-9E0C-4AE2-814D-8DD641394879", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_3c:*:*:*:*:*:*", "matchCriteriaId": "F2FA150B-93E4-44D2-BF6D-347085A95776", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*", "matchCriteriaId": "31A7BB38-3238-413E-9736-F1A165D40867", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7E46A694-8698-4283-9E25-01F222B63E9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "59B9476F-E5E7-46B6-AC38-4630D0933462", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "9A045567-2563-4539-8E95-361087CB7762", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D11103A7-6AB5-4E78-BE11-BC2A04A09F19", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C5F01D7-2675-4D09-B52B-B02D0EF52AEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B5F8D61F-6E8B-4EE3-91DE-EBA6FF7D289E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1E94D58-26A0-4E84-8CAD-F8CDB6707642", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC33D39A-5760-467E-8284-F4E5D8082BBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "448206AA-A023-4AA1-98FD-35BC2A2AB2B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F6E30F8-B977-40A5-9E45-89B5C5E59170", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6B84F65-2E52-4445-8F97-2729B84B18E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "matchCriteriaId": "3124246D-3287-4657-B40D-E7B80A44E7D7", "versionEndExcluding": "17.6.3", "versionStartIncluding": "17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware ESXi, and Workstation\u00a0contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host."}, {"lang": "es", "value": "VMware ESXi y Workstation contienen una vulnerabilidad TOCTOU (Time-of-Check Time-of-Use) que provoca una escritura fuera de los l\u00edmites. Un actor malintencionado con privilegios administrativos locales en una m\u00e1quina virtual puede aprovechar este problema para ejecutar c\u00f3digo como el proceso VMX de la m\u00e1quina virtual que se ejecuta en el host."}], "id": "CVE-2025-22224", "lastModified": "2025-10-30T19:52:49.873", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 6.0, "source": "security@vmware.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-04T12:15:33.687", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "nvd@nist.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-367"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"created": "2025-06-17T12:08:35.924734+00:00", "updated": "2025-06-17T12:08:35.924785+00:00", "vendors": ["vmware", "vmware$PRODUCT$esxi", "vmware$PRODUCT$workstation"]}