Three Zero-Day Vulnerabilities Discovered in VMware Products

Three zero-day VMware vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) with high CVSS scores are being actively exploited and can be chained to enable VM escape to ESXi hypervisors across nearly all supported and unsupported VMware products; immediate upgrade to Broadcom/VMware fixed versions and investigation of historical logs in hosted/multi-tenant environments are recommended.