Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild.

This massive exposure is being reported by the threat monitoring platform The Shadowserver Foundation, which reported a figure of around 41,500 yesterday.

CVE-2025-22224 is a critical-severity VMCI heap overflow vulnerability that enables local attackers with administrative privileges on the VM guest to escape the sandbox and execute code on the host as the VMX process.

Broadcom warned customers about it, along with two other flaws, CVE-2025-22225 and CVE-2025-22226, on Tuesday, March 4, 2025, stating that all three were being exploited in attacks as zero-days. The flaws were discovered by Microsoft Threat Intelligence Center, which observed their exploitation as zero-days for an undisclosed period.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has given federal agencies and state organizations until March 25, 2025, to apply the available updates and mitigations or stop using the product.

The Shadowserver Foundation reports that most of the vulnerable instances are in China (4,400), followed by France (4,100), the United States (3,800), Germany (2,800), Iran (2,800), and Brazil (2,200). However, due to the widespread use of VMware ESXi, a popular hypervisor used for virtualization in enterprise IT environments for virtual machine management, the impact is global.

For more information on the ESXi versions that fix CVE-2025-22224, users should check Broadcom's bulletin.

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 06 Mar 2025 15:40:22 +0000