VMware splats guest-to-hypervisor escape bugs already exploited in wild

ID: b27e0a7f-e63b-5db1-9ca3-814784be8b1f

STIX ID: report--b27e0a7f-e63b-5db1-9ca3-814784be8b1f

Feed Name: The Register (Security)

Threat Score: 85/100

Date Published: 2025-03-04

Date Updated: 2026-04-26

Author: Jessica Lyons

Broadcom released patches for three VMware hypervisor vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) that can be chained to escape a guest VM and fully compromise the hypervisor; the most severe is rated CVSS 9.3. Microsoft reported the bugs to Broadcom, VMware indicates in-the-wild exploitation has occurred, and administrators are urged to update and reboot affected ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform systems promptly.