Over 37,000 VMware ESXi servers vulnerable to ongoing attacks

ID: e7fcccb4-ce6e-50e8-b44f-ff8f827c7ee8

STIX ID: report--e7fcccb4-ce6e-50e8-b44f-ff8f827c7ee8

Feed Name: Bleeping Computer

Threat Score: 90/100

Date Published: 2025-03-06

Date Updated: 2026-03-27

Author: Bill Toulas

A critical VMCI heap overflow (CVE-2025-22224) in VMware ESXi enabling guest-to-host escape is being actively exploited as a zero-day; Shadowserver reports roughly 37,000 internet-exposed ESXi instances remain vulnerable. Broadcom released fixes (also addressing CVE-2025-22225 and CVE-2025-22226), Microsoft observed the exploits in the wild, and CISA issued guidance requiring patching or mitigation by March 25, 2025.
