CISA Warns of VMware ESXi 0-day Vulnerability Exploited in Ransomware Attacks
ID: afd3b5ed-5448-5df9-9960-a1295c65f785
STIX ID: report--afd3b5ed-5448-5df9-9960-a1295c65f785
Feed Name: cybersecurityNews.com
Zero-day vulnerabilities in VMware ESXi confirmed by CISA and Broadcom (notably CVE-2025-22225, CVSS 8.2, and related CVEs) are being exploited in the wild to escape VM isolation and deploy ransomware and hypervisor backdoors. CISA added CVE-2025-22225 to its KEV catalog, and many ESXi instances remain exposed. The report urges immediate patching, privilege restriction, EDR monitoring for VMX anomalies, and scanning for IOCs such as unsigned drivers and VSOCK traffic.
