CVE-2025-22224 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.3 CRITICAL	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
vmware	CNA	9.3 CRITICAL	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Vendor	Product	Version
vmware	esxi	7.0
vmware	esxi	7.0:beta
vmware	esxi	7.0:update_1
vmware	esxi	7.0:update_1a
vmware	esxi	7.0:update_1b
vmware	esxi	7.0:update_1c
vmware	esxi	7.0:update_1d
vmware	esxi	7.0:update_1e
vmware	esxi	7.0:update_2
vmware	esxi	7.0:update_2a
vmware	esxi	7.0:update_2c
vmware	esxi	7.0:update_2d
vmware	esxi	7.0:update_2e
vmware	esxi	7.0:update_3
vmware	esxi	7.0:update_3c
vmware	esxi	7.0:update_3d
vmware	esxi	7.0:update_3e
vmware	esxi	7.0:update_3f
vmware	esxi	7.0:update_3g
vmware	esxi	7.0:update_3i
vmware	esxi	7.0:update_3j
vmware	esxi	7.0:update_3k
vmware	esxi	7.0:update_3l
vmware	esxi	7.0:update_3m
vmware	esxi	7.0:update_3n
vmware	esxi	7.0:update_3o
vmware	esxi	7.0:update_3p
vmware	esxi	7.0:update_3q
vmware	esxi	7.0:update_3r
vmware	esxi	8.0
vmware	esxi	8.0:a
vmware	esxi	8.0:b
vmware	esxi	8.0:c
vmware	esxi	8.0:update_1
vmware	esxi	8.0:update_1a
vmware	esxi	8.0:update_1c
vmware	esxi	8.0:update_1d
vmware	esxi	8.0:update_2
vmware	esxi	8.0:update_2b
vmware	esxi	8.0:update_2c
vmware	esxi	8.0:update_3
vmware	esxi	8.0:update_3b
vmware	esxi	8.0:update_3c
vmware	cloud_foundation	-
vmware	telco_cloud_infrastructure	2.2
vmware	telco_cloud_infrastructure	2.5
vmware	telco_cloud_infrastructure	2.7
vmware	telco_cloud_infrastructure	3.0
vmware	telco_cloud_platform	2.0
vmware	telco_cloud_platform	2.5
vmware	telco_cloud_platform	2.7
vmware	telco_cloud_platform	3.0
vmware	telco_cloud_platform	4.0
vmware	telco_cloud_platform	4.0.1
vmware	telco_cloud_platform	5.0
vmware	workstation	17.0 ≤ 𝑥 < 17.6.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

Vulnerability Media Exposure

[GERMAN] Cloudsysteme gefährdet: VMware-Lücke begünstigt folgenschweren VM-Ausbruch
Broadcom warnt vor einer Sicherheitslücke in den VMware-Tools für Windows. Richtig gefährlich wird diese in Verbindung mit drei früheren Lücken. (<a href="https://www.golem.de/specials/sicherheitsluecke/">Sicherheitslücke</a>, <a href="https://www.golem.de/specials/virtualisierung/">Virtualisierung</a>) <img alt="" height="1" src="https://cpx.golem.de/cpx.php?class=17&aid=194699&page=1&ts=1742990425" width="1" />
Published: 2025-03-26T14:00:34+02:00

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390