CISA, VMware warn of new vulnerabilities being exploited by hackers

VMware disclosed three severe vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) impacting ESXi, Workstation, and Fusion that Microsoft reported and that VMware and CISA say are being exploited in the wild; federal agencies were given a patch deadline and customers are urged to apply vendor updates and restart affected products. CVE-2025-22224 (CVSS 9.3) can allow an attacker with admin/root privileges in a guest VM to execute code on the host (VM escape), posing significant risk to co-located VMs and enterprise environments.