CVE-2025-2224: 
WordPress vulnerability analysis and mitigation

VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability (CVE-2025-22224) that leads to an out-of-bounds write. The vulnerability was discovered and reported by Microsoft Threat Intelligence Center and was disclosed on March 4, 2025. The affected products include VMware ESXi, VMware Workstation Pro/Player, VMware Cloud Foundation, and VMware Telco Cloud Platform (Broadcom Advisory).

The vulnerability is a TOCTOU race condition that leads to an out-of-bounds write in VMware ESXi and Workstation. It has been assigned a Critical severity rating with a CVSSv3 base score of 9.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). The vulnerability requires local access but no privileges or user interaction for exploitation (NVD).

A malicious actor with local administrative privileges on a virtual machine may exploit this vulnerability to execute code as the virtual machine's VMX process running on the host. This could lead to a complete compromise of the affected system, potentially allowing attackers to escape from guest virtual machines to the host system (Rapid7 Blog).

VMware has released patches for affected products: ESXi80U3d-24585383 for ESXi 8.0, ESXi80U2d-24585300 for ESXi 8.0, ESXi70U3s-24585291 for ESXi 7.0, and version 17.6.3 for Workstation. No workarounds are available, making it critical to apply the available patches (Broadcom Advisory).

The security community has expressed significant concern about this vulnerability due to its critical severity rating and confirmation of in-the-wild exploitation. The fact that CISA added it to their KEV catalog on the same day as the advisory's release highlights the urgency of addressing this vulnerability (Tenable Blog).