Yesterday CISA announced that it had added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three vulnerabilities in VMware ESXi products. Those vulnerabilities were previously reported by Broadcom, with additional corporate information on the vulnerabilities here. The vulnerabilities were initially reported by the Microsoft Threat Intelligence Center.
The three reported VMware vulnerabilities are: a write-what-where condition (CVE-2025-22225), a TOCTOU race condition (CVE-2025-22224), and an out-of-bounds read (CVE-2025-22226).
CISA has ordered federal agencies to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.”