
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability (CVE-2025-22226) discovered on March 4, 2025. The vulnerability is due to an out-of-bounds read in HGFS (Host Guest File System) and affects multiple VMware products including ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform (VMware Advisory, NVD).
The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N. The flaw is classified as CWE-125 (Out-of-bounds Read) and requires local access to exploit. It lies in the HGFS component and can be triggered by an attacker who holds administrative privileges inside a guest virtual machine (VMware Advisory, Rapid7).
If successfully exploited, the vulnerability allows that guest administrator to leak memory from the vmx process on the host, which could expose sensitive information from the hypervisor (VMware Advisory, SOCRadar).
Broadcom has released patches to address this vulnerability. Organizations should upgrade to VMware Fusion version 13.6.3, VMware Workstation version 17.6.3, and apply the corresponding patches for ESXi and the other affected products. There are no viable workarounds: disabling VMware Tools does not eliminate the risk, because an attacker who already has privileged access inside the guest can simply re-enable it (VMware Advisory).
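Because the only real remediation is upgrading, the practical defender task is to find every Workstation and Fusion install still below the fixed release. The following is an added example, not code from the Wiz database or from Broadcom: it encodes the two fixed versions the summary names (Workstation 17.6.3, Fusion 13.6.3), compares dotted version strings correctly (so that 17.6 is treated as 17.6.0, and 13.5 is not mistaken for being newer than 13.6.3 by string comparison), and flags anything it cannot verify rather than silently passing it. ESXi and the other products are patched by separate builds whose identifiers are not given on this page, so they are deliberately reported as unverified; the inventory rows and hostnames are constructed for illustration.

```python
"""Added example (not from the Wiz page or from Broadcom): triage an inventory of
VMware Workstation / Fusion installs against the fixed releases for CVE-2025-22226."""
from typing import List, Tuple

# Fixed versions as stated in the advisory summary. ESXi, Cloud Foundation and
# Telco Cloud Platform fixes ship as separate builds not enumerated here, so
# they are intentionally absent and will be reported as UNVERIFIED.
FIXED_VERSIONS = {
    "workstation": "17.6.3",
    "fusion": "13.6.3",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Parse a dotted numeric version such as '17.6.2' into a tuple of ints.

    A trailing build token (e.g. '17.6.2 build-12345', a format assumed here
    purely for illustration) is ignored. Raises ValueError on unparsable input.
    """
    tokens = version.strip().split()
    if not tokens:
        raise ValueError("empty version string")
    parts = tokens[0].split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as version a is below, equal to or above version b.

    Shorter tuples are zero-padded so that '17.6' compares equal to '17.6.0'.
    Numeric comparison avoids the classic bug where '13.5' > '13.6.3' as strings.
    """
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def is_patched(product: str, installed: str) -> bool:
    """True when the installed version is at or above the fixed release."""
    key = product.lower()
    if key not in FIXED_VERSIONS:
        raise KeyError(f"no fixed version recorded on this page for {product!r}")
    return compare_versions(installed, FIXED_VERSIONS[key]) >= 0


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Given (hostname, product, version) rows, return the rows that still need action.

    Rows that cannot be evaluated (unknown product, garbage version) are returned
    with an UNVERIFIED marker so they are reviewed instead of being dropped.
    """
    exposed = []
    for host, product, version in inventory:
        try:
            if not is_patched(product, version):
                exposed.append((host, product, version))
        except (KeyError, ValueError) as exc:
            exposed.append((host, product, f"UNVERIFIED ({exc})"))
    return exposed


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    sample = [
        ("ws-dev-01", "Workstation", "17.6.2"),   # below fix -> exposed
        ("ws-dev-02", "Workstation", "17.6.3"),   # at fix -> patched
        ("mac-qa-07", "Fusion", "13.6.3"),        # at fix -> patched
        ("mac-qa-08", "Fusion", "13.5"),          # below fix -> exposed
        ("esx-lab-01", "ESXi", "8.0"),            # not modelled -> UNVERIFIED
    ]
    for row in triage(sample):
        print("ACTION REQUIRED:", *row)
```

The zero-padding in `compare_versions` matters because vendor inventories frequently report a two-component version for a GA release; without it, 17.6 would compare below 17.6.0 and produce a false positive.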
The security community has expressed significant concern about this vulnerability, particularly due to its active exploitation in the wild. The Microsoft Threat Intelligence Center initially discovered and reported the vulnerability to Broadcom, highlighting the collaborative nature of security research in addressing critical vulnerabilities (SOCRadar).
Source: This report was generated using AI