CVE-2025-22226

HIGH
2025-03-04 [email protected]
7.1
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:29 vuln.today
Added to CISA KEV
Oct 30, 2025 - 19:52 cisa
CISA KEV
CVE Published
Mar 04, 2025 - 12:15 nvd
HIGH 7.1

Tags

Information Disclosure Buffer Overflow VMware Esxi Cloud Foundation Fusion Telco Cloud Infrastructure Telco Cloud Platform Workstation

Description

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Analysis

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host.

Technical Context

The CWE-125 out-of-bounds read in HGFS shared folder functionality allows reading beyond allocated buffers. The leaked VMX process memory may contain data from other VMs, host memory contents, or cryptographic keys.

Affected Products

['VMware ESXi', 'VMware Workstation', 'VMware Fusion']

Remediation

Apply VMware patches for all three CVEs. Disable HGFS shared folders if not required. Restrict VM administrator access.

Priority Score

92
Low Medium High Critical
KEV: +50
EPSS: +6.8
CVSS: +36
POC: 0

Share

CVE-2025-22226 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy