What is the CVSS score of CVE-2025-22224?

CVE-2025-22224 has a CVSS 3.1 base score of 9.3 (Critical). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 52.7%.

Which versions of ESXi are affected by CVE-2025-22224?

CVE-2025-22224 presents critical security risk rated CVSS 9.3. Successful exploitation could critically impact the confidentiality, integrity, and availability of affected systems.

Is CVE-2025-22224 being actively exploited?

Yes, CVE-2025-22224 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, confirming active in-the-wild exploitation. Immediate patching is required.

How to fix or mitigate CVE-2025-22224?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

ESXi CVE-2025-22224

CRITICAL

Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

2025-03-04 security@vmware.com

Buffer Overflow VMware ESXi Cloud Foundation Telco Cloud Infrastructure Telco Cloud Platform Workstation

9.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:29 vuln.today

Added to CISA KEV

Oct 30, 2025 - 19:52 cisa

CISA KEV

CVE Published

Mar 04, 2025 - 12:15 nvd

CRITICAL 9.3

DescriptionNVD

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

AnalysisAI

VMware ESXi and Workstation contain a TOCTOU race condition leading to out-of-bounds write, allowing local administrators on VMs to escape the sandbox and execute code as the VMX process on the host.

Technical ContextAI

The CWE-367 TOCTOU race condition in the VM communication mechanism allows a malicious VM administrator to win a race between validation and use of shared data, triggering an out-of-bounds write that corrupts VMX process memory on the host.

RemediationAI

Apply VMware security patches. Restrict VM admin access. Monitor ESXi hosts for anomalous VMX process behavior. Implement vSphere Hardening Guide recommendations.

CVE-2025-22224 vulnerability details – vuln.today

Back

ESXi CVE-2025-22224

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code