Vulnerability Description
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Esxi | 7.0 |
| Vmware | Cloud Foundation | - |
| Vmware | Fusion | >= 13.0.0, < 13.6.3 |
| Vmware | Telco Cloud Infrastructure | 2.2 |
| Vmware | Telco Cloud Platform | 2.0 |
| Vmware | Workstation | >= 17.0, < 17.6.3 |
Related Weaknesses (CWE)
References
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/conVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-US Government Resource
FAQ
What is CVE-2025-22226?
CVE-2025-22226 is a vulnerability with a CVSS score of 7.1 (HIGH). VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be ...
How severe is CVE-2025-22226?
CVE-2025-22226 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-22226?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Esxi, Vmware Cloud Foundation, Vmware Fusion, Vmware Telco Cloud Infrastructure, Vmware Telco Cloud Platform.