CVE-2025-22225 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.2 HIGH	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
vmware	CNA	8.2 HIGH	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Vendor	Product	Version
vmware	esxi	7.0
vmware	esxi	7.0:beta
vmware	esxi	7.0:update_1
vmware	esxi	7.0:update_1a
vmware	esxi	7.0:update_1b
vmware	esxi	7.0:update_1c
vmware	esxi	7.0:update_1d
vmware	esxi	7.0:update_1e
vmware	esxi	7.0:update_2
vmware	esxi	7.0:update_2a
vmware	esxi	7.0:update_2c
vmware	esxi	7.0:update_2d
vmware	esxi	7.0:update_2e
vmware	esxi	7.0:update_3
vmware	esxi	7.0:update_3c
vmware	esxi	7.0:update_3d
vmware	esxi	7.0:update_3e
vmware	esxi	7.0:update_3f
vmware	esxi	7.0:update_3g
vmware	esxi	7.0:update_3i
vmware	esxi	7.0:update_3j
vmware	esxi	7.0:update_3k
vmware	esxi	7.0:update_3l
vmware	esxi	7.0:update_3m
vmware	esxi	7.0:update_3n
vmware	esxi	7.0:update_3o
vmware	esxi	7.0:update_3p
vmware	esxi	7.0:update_3q
vmware	esxi	7.0:update_3r
vmware	esxi	8.0
vmware	esxi	8.0:a
vmware	esxi	8.0:b
vmware	esxi	8.0:c
vmware	esxi	8.0:update_1
vmware	esxi	8.0:update_1a
vmware	esxi	8.0:update_1c
vmware	esxi	8.0:update_1d
vmware	esxi	8.0:update_2
vmware	esxi	8.0:update_2b
vmware	esxi	8.0:update_2c
vmware	esxi	8.0:update_3
vmware	esxi	8.0:update_3b
vmware	esxi	8.0:update_3c
vmware	cloud_foundation	-
vmware	telco_cloud_infrastructure	2.2
vmware	telco_cloud_infrastructure	2.5
vmware	telco_cloud_infrastructure	2.7
vmware	telco_cloud_infrastructure	3.0
vmware	telco_cloud_platform	2.0
vmware	telco_cloud_platform	2.5
vmware	telco_cloud_platform	2.7
vmware	telco_cloud_platform	3.0
vmware	telco_cloud_platform	4.0
vmware	telco_cloud_platform	4.0.1
vmware	telco_cloud_platform	5.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.
CWE-123 - Write-what-where Condition
Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.

Vulnerability Media Exposure

[GERMAN] Cloudsysteme gefährdet: VMware-Lücke begünstigt folgenschweren VM-Ausbruch
Broadcom warnt vor einer Sicherheitslücke in den VMware-Tools für Windows. Richtig gefährlich wird diese in Verbindung mit drei früheren Lücken. (<a href="https://www.golem.de/specials/sicherheitsluecke/">Sicherheitslücke</a>, <a href="https://www.golem.de/specials/virtualisierung/">Virtualisierung</a>) <img alt="" height="1" src="https://cpx.golem.de/cpx.php?class=17&aid=194699&page=1&ts=1742990425" width="1" />
Published: 2025-03-26T14:00:34+02:00

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390