ГлавнаяУязвимости → CVE-2025-22224
9.3критическая

CVE-2025-22224

Описание

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Затрагиваемое ПО
Vmware EsxiVmware Cloud foundationVmware Telco cloud infrastructureVmware Telco cloud platformVmware Workstation
CVSS
Балл9.3 — критическая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Источники
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224