Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild.
This massive exposure was reported by the threat monitoring platform The Shadowserver Foundation, which reported a figure of around 41,500 yesterday.
Today, Shadowserver reports that 37,000 are still vulnerable, indicating that 4,500 devices were patched yesterday.
CVE-2025-22224 is a critical-severity VMCI heap overflow vulnerability that enables local attackers with administrative privileges on the VM guest to escape the sandbox and execute code on the host as the VMX process.
Broadcom warned customers about it along with two other flaws, CVE-2025-22225 and CVE-2025-22226, on Tuesday, March 4, 2025, stating that all three were being exploited in attacks as zero-days.
The flaws were discovered by Microsoft Threat Intelligence Center, which observed their exploitation as zero-days for an undisclosed period. No information about the origin of the attacks or the targets has been shared yet.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has given federal agencies and state organizations until March 25, 2025, to apply the available updates and mitigations or stop using the product.
The Shadowserver Foundation reports that most of the vulnerable instances are in China (4,400), followed by France (4,100), the United States (3,800), Germany (2,800), Iran (2,800), and Brazil (2,200).
However, because VMware ESXi is a popular hypervisor widely used for virtual machine management in enterprise IT environments, the impact is global.
For more information on the ESXi versions that fix CVE-2025-22224, users should check Broadcom’s bulletin. Currently, there are no workarounds for this problem.
The vendor has also published a FAQ page with additional recommended actions and impact details.