CVE-2025-22224 - VMware ESXi and Workstation TOCTOU Race Condition Vulnerability

VMware | ESXi and Workstation

• Date Added:
• 2025-03-04

• Due Date:
• 2025-03-25

Vulnerability Name

VMware ESXi and Workstation TOCTOU Race Condition Vulnerability

Description

VMware ESXi and Workstation contain a time-of-check time-of-use (TOCTOU) race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22224

Top Security News

Microsoft confirms it's killing off Skype in May, after 14 years

Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations

U.S. recovers $31 million stolen in 2021 Uranium Finance hack

Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language

EncryptHub breaches 618 orgs to deploy infostealers, ransomware

MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364)

Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries

Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363)

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumAbsence of Anti-CSRF Tokens

MediumMissing Anti-clickjacking Header

MediumContent Security Policy (CSP) Header Not Set

InformationalInformation Disclosure - Suspicious Comments

LowCross-Domain JavaScript Source File Inclusion

HighPII Disclosure

InformationalRe-examine Cache-control Directives

InformationalModern Web Application

Latest CVE List

CVE-2024-50302 Linux Kernel Use of Uninitialized Resource Vulnerability

CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability

CVE-2025-22225 VMware ESXi Arbitrary Write Vulnerability

CVE-2025-22226 VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability

CVE-2023-20118 Cisco Small Business RV Series Routers Command Injection Vulnerability

CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability

CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability

CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability

CVE-2024-4885 Progress WhatsUp Gold Path Traversal Vulnerability

CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability

Common CWEs

CWE-1281 Sequence of Processor Instructions Leads to Unexpected Behavior

CWE-662 Improper Synchronization

CWE-1117 Callable with Insufficient Behavioral Summary

HighCWE-863 Incorrect Authorization

HighCWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

HighCWE-650 Trusting HTTP Permission Methods on the Server Side

CWE-620 Unverified Password Change

MediumCWE-469 Use of Pointer Subtraction to Determine Size

CWE-609 Double-Checked Locking

HighCWE-309 Use of Password System for Primary Authentication