Broadcom urges VMware customers to patch ‘emergency’ zero-day bugs under active exploitation

Broadcom warns that three zero-day vulnerabilities in VMware ESXi/Workstation/Fusion (CVE-2025-22224/22225/22226) are being actively exploited to escape guest VMs and compromise hypervisors, enabling attackers to access co-tenant virtual machines; emergency patches have been released and CISA is urging immediate patching amid reports linking exploitation to an unnamed ransomware group.