Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows.

VMware Tools is a suite of drivers and utilities designed to improve performance, graphics, and overall system integration for guest operating systems running in VMware virtual machines.

The vulnerability (CVE-2025-22230) is caused by an improper access control weakness and was reported by Sergey Bliznyuk of Positive Technologies (a sanctioned Russian cybersecurity company accused of trafficking hacking tools).

"A malicious actor with non-administrative privileges on a Windows guest VM may gain ability to perform certain high-privilege operations within that VM," VMware explains in a security advisory published on Tuesday.

Ransomware gangs and state-sponsored hackers frequently target VMware vulnerabilities, as VMware products are widely used in enterprise operations to store or transfer sensitive corporate data.

For instance, in November, Broadcom warned that attackers were exploiting two VMware vCenter Server vulnerabilities: a privilege escalation to root (CVE-2024-38813) and a critical remote code execution flaw (CVE-2024-38812) identified during China's 2024 Matrix Cup hacking contest.

Earlier this month, Broadcom also patched three VMware zero-days (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226), which were tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. Days after patches were released, threat monitoring platform Shadowserver found over 37,000 internet-exposed VMware ESXi instances vulnerable to CVE-2025-22224 attacks.

In January 2024, Broadcom also disclosed that Chinese state hackers had used a critical vCenter Server zero-day vulnerability (CVE-2023-34048) since late 2021 to deploy VirtualPita and VirtualPie backdoors on affected ESXi systems.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 25 Mar 2025 19:20:18 +0000