Skip to main content

ESXi CVE-2025-22226

HIGH
Out-of-bounds Read (CWE-125)
2025-03-04 security@vmware.com
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:29 vuln.today
Added to CISA KEV
Oct 30, 2025 - 19:52 cisa
CISA KEV
CVE Published
Mar 04, 2025 - 12:15 nvd
HIGH 7.1

DescriptionCVE.org

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

AnalysisAI

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host.

Technical ContextAI

The CWE-125 out-of-bounds read in HGFS shared folder functionality allows reading beyond allocated buffers. The leaked VMX process memory may contain data from other VMs, host memory contents, or cryptographic keys.

RemediationAI

Apply VMware patches for all three CVEs. Disable HGFS shared folders if not required. Restrict VM administrator access.

More in ESXi

View all
CVE-2025-22224 CRITICAL
9.3 Mar 04

VMware ESXi and Workstation contain a TOCTOU race condition leading to out-of-bounds write, allowing local administrator

CVE-2017-5753 MEDIUM POC
5.6 Jan 04

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of

CVE-2016-5330 HIGH POC
7.8 Aug 08

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 t

CVE-2025-22225 HIGH
8.2 Mar 04

VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes,

CVE-2019-5544 CRITICAL POC
9.8 Dec 06

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. Rated critical severity (CVSS 9.8),

CVE-2017-16544 HIGH POC
8.8 Nov 20

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used

CVE-2017-4924 HIGH POC
8.8 Sep 15

VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8

CVE-2023-29552 HIGH POC
7.5 Apr 25

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services.

CVE-2013-1406 HIGH POC
7.2 Feb 11

The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and

CVE-2017-4933 HIGH
8.8 Dec 20

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a

CVE-2017-4905 MEDIUM POC
5.5 Jun 07

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi

CVE-2013-1405 CRITICAL
10.0 Feb 15

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0

Share

CVE-2025-22226 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy