CVE-2025-22224 is a critical vulnerability classified as a Time-of-Check Time-of-Use (TOCTOU) flaw affecting VMware ESXi and VMware Workstation. In essence, the issue arises from a race condition where the system checks a resource and then uses it without verifying that it hasn't changed, which can lead to an out-of-bounds write. This behavior can allow a malicious actor with local administrative privileges on a guest virtual machine to execute code in the host's VMX process. The vulnerability is particularly concerning because it has been actively exploited in the wild, with reports indicating that tens of thousands of VMware ESXi instances could be at risk. Users are strongly advised to apply available patches immediately to mitigate potential exploitation risks.
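The check-then-use race described above is a general secure-coding pattern, so the following added example models it in isolation. This is illustrative code written for this page, not VMware code and not a reconstruction of the actual flaw: the structure names (`shared_request`, `host_dest`), the buffer sizes and the `racer_fn` hook that stands in for a concurrent guest writer are all assumptions chosen to make the race reproducible without threads. It shows a handler that fetches a guest-controlled length twice (validating the first value and copying with the second) beside the hardened form that snapshots the value once and only ever uses the snapshot.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Constructed model, not VMware code: a host-side handler reads a request
 * from memory that the guest can modify at any time. Names, sizes and
 * layout are assumptions chosen to make the TOCTOU race reproducible. */

#define MAX_PAYLOAD   64            /* what the host is prepared to accept */
#define SHARED_SIZE  256            /* size of the guest-writable payload region */
#define SCRATCH_SIZE (MAX_PAYLOAD + SHARED_SIZE)

struct shared_request {              /* lives in guest-writable memory */
    uint32_t len;                    /* guest-controlled claimed payload length */
    uint8_t  payload[SHARED_SIZE];
};

/* Host destination. Only the first MAX_PAYLOAD bytes are the real output
 * buffer; the rest is a canary region so an overflow is observable without
 * undefined behaviour in the demo itself. */
struct host_dest {
    uint8_t scratch[SCRATCH_SIZE];
};

/* Stand-in for a concurrent guest writer. It is invoked between the check and
 * the use so the TOCTOU window is hit deterministically instead of by timing. */
typedef void (*racer_fn)(struct shared_request *req);

static void racer_grow_len(struct shared_request *req)
{
    req->len = MAX_PAYLOAD + 100;    /* over the host bound, still within SHARED_SIZE */
}

/* VULNERABLE pattern: len is fetched from shared memory twice. The check
 * validates the first value, the memcpy uses the second. */
static int handle_double_fetch(struct host_dest *d, struct shared_request *req, racer_fn racer)
{
    if (req->len > MAX_PAYLOAD)                  /* time of check (fetch #1) */
        return -1;
    if (racer) racer(req);                       /* guest writes inside the window */
    memcpy(d->scratch, req->payload, req->len);  /* time of use (fetch #2): unchecked length */
    return 0;
}

/* HARDENED pattern: snapshot the guest-controlled header once into host-owned
 * memory, validate the snapshot, and use only the snapshot. Later guest writes
 * cannot change what was checked. */
static int handle_single_fetch(struct host_dest *d, struct shared_request *req, racer_fn racer)
{
    uint32_t len = req->len;                     /* single fetch */
    if (len > MAX_PAYLOAD)
        return -1;
    if (racer) racer(req);                       /* guest writes, but `len` is unaffected */
    memcpy(d->scratch, req->payload, len);
    return 0;
}

/* Did anything land beyond the real output buffer? */
static bool canary_intact(const struct host_dest *d)
{
    for (size_t i = MAX_PAYLOAD; i < SCRATCH_SIZE; i++)
        if (d->scratch[i] != 0)
            return false;
    return true;
}

/* Runs one handler against a request that starts out valid and is then raced.
 * Returns true if the host buffer bound held. */
static bool run_scenario(int (*handler)(struct host_dest *, struct shared_request *, racer_fn))
{
    struct shared_request req;
    struct host_dest d;
    memset(&req, 0xAB, sizeof req);   /* non-zero payload so an overflow is visible */
    req.len = 16;                     /* passes the check initially */
    memset(&d, 0, sizeof d);
    handler(&d, &req, racer_grow_len);
    return canary_intact(&d);
}

int main(void)
{
    printf("double fetch : bound %s\n", run_scenario(handle_double_fetch) ? "held" : "VIOLATED");
    printf("single fetch : bound %s\n", run_scenario(handle_single_fetch) ? "held" : "VIOLATED");
    return 0;
}
```

The racer callback is only a device to make the window deterministic; in a real host/guest boundary the second fetch is raced by a concurrent writer, and the fix is the same: copy every guest-controlled field into host-owned memory exactly once, validate the copy, and never touch the shared copy again for that request.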
Affected Versions
- VMware ESXi:
  - 8.0: Versions earlier than the patched releases:
    - Versions before ESXi80U3d-24585383
    - Versions before ESXi80U2d-24585300
  - 7.0: Versions earlier than ESXi70U3s-24585291
- VMware Cloud Foundation:
  - 5.x: Versions before ESXi80U3d-24585383
  - 4.5.x: Versions before ESXi70U3s-24585291
- VMware Telco Platforms:
  - Telco Cloud Platform: Versions 5.x, 4.x, 3.x, and 2.x earlier than the patch identified by KB389385
  - Telco Cloud Infrastructure: Versions 3.x and 2.x earlier than KB389385
- VMware Workstation:
  - 17.x versions earlier than 17.6.3
See more details on: