PT-2025-9653 · VMware · VMware Fusion+2
Published: 2025-03-04 · Updated: 2026-02-05 · CVE-2025-22226
CVSS v3.1: 7.1 (High)
Base vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
VMware ESXi
VMware Workstation
VMware Fusion
VMware Cloud Foundation
VMware Telco Cloud Platform
VMware Telco Cloud Infrastructure
versions prior to 8.0
Description
The software contains an information disclosure issue due to an out-of-bounds read within the Host Guest File System (HGFS). A malicious actor with administrative privileges on a virtual machine may be able to exploit this to leak memory from the vmx process. This could lead to unauthorized access to protected information. The issue is actively exploited in the wild, with reports of attackers using the MAESTRO toolkit and VSOCKpuppet backdoor to escape virtual machines and gain control of the host system. The campaign often begins with a compromised edge device, such as a VPN, and can escalate to full hypervisor control, potentially for ransomware deployment and widespread disruption. The vulnerability has been exploited by Chinese-speaking hackers via SonicWall VPN, prior to public disclosure.
Recommendations
For VMware ESXi, Workstation, and Fusion versions prior to 8.0, update to a newer version to address this vulnerability.
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
BDU:2025-02375
CVE-2025-22226
Affected Products
VMware ESXi
VMware Fusion
VMware Workstation
References · 119
- https://bdu.fstec.ru/vul/2025-02375 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2025-22226 · Security Note
- https://twitter.com/VulmonFeeds/status/1896911693826883819 · Twitter Post
- https://twitter.com/jbhall56/status/2019404819828731962 · Twitter Post
- https://t.me/cvenotify/113383 · Telegram Post
- https://twitter.com/cybercronai/status/1896999744980869194 · Twitter Post
- https://twitter.com/NickBla41002745/status/1899008335548186652 · Twitter Post
- https://twitter.com/The_Cyber_News/status/1897250563848614243 · Twitter Post
- https://twitter.com/TweetThreatNews/status/1897502787572760929 · Twitter Post
- https://reddit.com/r/pwnhub/comments/1j58jiy/vmware_esxi_vulnerabilities_leave_enterprises · Reddit Post
- https://reddit.com/r/k12cybersecurity/comments/1j43b8f/msisac_cybersecurity_advisory_multiple · Reddit Post
- https://reddit.com/r/cybersecurity/comments/1j4u4xe/vmware_just_got_hit_with_3_zerodays_and_hackers · Reddit Post
- https://reddit.com/r/vmware/comments/1j3bhti/carbon_black_vs_zerolock_best_esxi_protection_on · Reddit Post
- https://reddit.com/r/pwnhub/comments/1q88top/vmware_zeroday_exploit_created_a_year_before · Reddit Post
- https://twitter.com/justabreach/status/2009705174277779816 · Twitter Post